Re: Support for NSS as a libpq TLS backend
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Support for NSS as a libpq TLS backend |
| Дата | |
| Msg-id | 729e8d0e-6570-6965-6e8b-e76d84cfff99@enterprisedb.com обсуждение исходный текст |
| Ответ на | Re: Support for NSS as a libpq TLS backend (Daniel Gustafsson <daniel@yesql.se>) |
| Ответы |
Re: Support for NSS as a libpq TLS backend
|
| Список | pgsql-hackers |
On 03.02.22 15:53, Daniel Gustafsson wrote: > I see quite a few valid reasons to want an alternative, a few off the top of my > head include: > > - Using trust stores like Keychain on macOS with Secure Transport. There is > AFAIK something similar on Windows and NSS has it's certificate databases. > Especially on client side libpq it would be quite nice to integrate with where > certificates already are rather than rely on files on disks. > > - Not having to install OpenSSL, Schannel and Secure Transport would make life > easier for packagers. Those are good reasons for Schannel and Secure Transport, less so for NSS. > - Simply having an alternative. The OpenSSL projects recent venture into > writing transport protocols have made a lot of people worried over their > bandwidth for fixing and supporting core features. If we want simply an alternative, we had a GnuTLS variant almost done a few years ago, but in the end people didn't want it enough. It seems to be similar now.
В списке pgsql-hackers по дате отправления: