Re: [HACKERS] GnuTLS support

On 11/20/2017 02:56 AM, Michael Paquier wrote:
> On Mon, Nov 20, 2017 at 9:42 AM, Tomas Vondra
> <tomas.vondra@2ndquadrant.com> wrote:
>> If I get it right we ignore gnutls and use openssl (as it's the first
>> checked in #ifdefs). Shouldn't we enforce in configure that only one TLS
>> implementation is enabled? Either by some elaborate check, or by
>> switching to something like
>>
>>   --with-ssl=(openssl|gnutls)
> 
> WIth potential patches coming to use macos' SSL implementation or
> Windows channel, there should really be only one implementation
> available at compile time. That's more simple as a first step as well.
> So +1 for the --with-ssl switch.

I have now implemented this in the attached patch (plus added support 
for channel binding and rebased it) but I ran into one issue which I 
have not yet solved. The script for the windows version takes the 
--with-openssl=<path> switch so that cannot just be translated to a 
single --with-ssl switch. Should to have both --with-openssl and 
--with-gnutls or --with-ssl=(openssl|gnutls) and --with-ssl-path=<path>? 
I also do not know the Windows build code very well (or really at all).

Andreas