Re: [PATCH] Automatic client certificate selection support for libpq v1

Seth Robertson wrote:
> In message <14727.1241816192@sss.pgh.pa.us>, Tom Lane writes:
> 
>     > It is of course possible to support both at the same time (at
>     > compile-time, if nowhere else).
>     
>     Yes, I suppose we'd not wish to just drop openssl completely.
>     I wonder how much code duplication would ensue from a compile-time
>     choice of which library to use ...
> 
> My only datapoint for you is curl, which is an application I happen to
> have discovered that can use either NSS and OpenSSL.
> 
>  Lines  Words  Chars Filename
>   2508   7890  74682 ssluse.c
>   1331   3708  36411 nss.c

IIRC, they also support gnutls. So we can probably get hints there about
how to get this support if we want to :-)


> I imagine that you would more or less have to provide a different
> be-secure.c and fe-secure.c file for the two different
> libraries--whether as a separate file or via #ifdefs.  It looks like
> there is a small amount of common code present (why *is*
> pg_block_sigpipe() in that file anyway?)

Clearly this would be a good time to fix such abstraction errors if we
decide to go ahead :-)


-- Magnus HaganderSelf: http://www.hagander.net/Work: http://www.redpill-linpro.com/