Re: [HACKERS] GnuTLS support
| От | Peter Eisentraut |
|---|---|
| Тема | Re: [HACKERS] GnuTLS support |
| Дата | |
| Msg-id | 503af60d-e183-5c01-f105-627fa7de148d@2ndquadrant.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] GnuTLS support (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
| Список | pgsql-hackers |
On 3/8/18 20:13, Peter Eisentraut wrote: > In the thread about Secure Transport we agreed to move the consideration > of new SSL libraries to PG12. > > Here is my current patch, after all the refactorings. > > The status is that it works fine and could be used. > > There are two failures in the SSL tests that I cannot explain. The > tests are for some rather obscure configurations, so the changed > behaviors are not obviously wrong, perhaps legitimate implementation > differences. But someone wrote those tests with a purpose (probably), > so we should have some kind of explanation for the regressions. > > Other non-critical, nice-to-have issues: > > - Do something about sslinfo, perhaps fold into pg_stat_ssl view. > - Do something about pgcrypto. > - Add tests for load_dh_file(). > - Implement channel binding tls-server-end-point. Also, ... - Add ssl_passphrase_command support. I'm moving this patch forward to CF 2018-09, since it's not going to be ready for -07, and we're still whacking around some channel binding details, which would potentially interfere with this patch. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: