Re: Supporting Windows SChannel as OpenSSL replacement
| От | Heikki Linnakangas |
|---|---|
| Тема | Re: Supporting Windows SChannel as OpenSSL replacement |
| Дата | |
| Msg-id | 5395A6CD.3030208@vmware.com обсуждение исходный текст |
| Ответ на | Re: Supporting Windows SChannel as OpenSSL replacement (Magnus Hagander <magnus@hagander.net>) |
| Список | pgsql-hackers |
On 06/09/2014 02:53 PM, Magnus Hagander wrote: > Also, my memory says that SChannel doesn't support the key file format that > we use now, which makes a much bigger break with the supported platforms. > That may have changed of course - have you researched that part? A quick web search turned up a few discussion forums threads with a recipe for this (e.g https://stackoverflow.com/questions/1231178/load-an-x509-pem-file-into-windows-cryptoapi). There's no direct "read this file" function, but there are low-level functions that can decode the file format once it's read into memory. So it seems possible to make it work. > It's also a question of if we can accept supporting a different set of > libraries on the server vs on the client. It's really on the client that > it's a bigger problem, but in the end I think we want to have "symmetrical > support". But it might be worth doing just the client side initially, and > then move to the server. I think in general, the client side is actually > likely to be *harder* than the server side.. Once we've modified the client to support multiple libraries, it's probably not much extra effort to do the same to the server. I wouldn't like to support different libraries in client and server, if only because it would be more complicated to have separate ./configure options for client and server. - Heikki
В списке pgsql-hackers по дате отправления: