Re: Support for NSS as a libpq TLS backend
| От | Andrew Dunstan |
|---|---|
| Тема | Re: Support for NSS as a libpq TLS backend |
| Дата | |
| Msg-id | e3ad96e8-7d2d-6c3d-39c9-fc1fa47a30f0@2ndQuadrant.com обсуждение исходный текст |
| Ответ на | Re: Support for NSS as a libpq TLS backend (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>) |
| Ответы |
Re: Support for NSS as a libpq TLS backend
|
| Список | pgsql-hackers |
On 8/3/20 12:46 PM, Andrew Dunstan wrote: > On 7/31/20 4:44 PM, Andrew Dunstan wrote: >> On 7/15/20 6:18 PM, Daniel Gustafsson wrote: >>>> On 15 Jul 2020, at 20:35, Andrew Dunstan <andrew.dunstan@2ndquadrant.com> wrote: >>>> >>>> On 5/15/20 4:46 PM, Daniel Gustafsson wrote: >>>>> My plan is to keep hacking at this to have it reviewable for the 14 cycle, so >>>>> if anyone has an interest in NSS, then I would love to hear feedback on how it >>>>> works (and doesn't work). >>>> I'll be happy to help, particularly with Windows support and with some >>>> of the callback stuff I've had a hand in. >>> That would be fantastic, thanks! The password callback handling is still a >>> TODO so feel free to take a stab at that since you have a lot of context on >>> there. >>> >>> For Windows, I've include USE_NSS in Solution.pm as Thomas pointed out in this >>> thread, but that was done blind as I've done no testing on Windows yet. >>> >> OK, here is an update of your patch that compiles and runs against NSS >> under Windows (VS2019). >> >> >> In addition to some work that was missing in src/tools/msvc, I had to >> make a few adjustments, including: >> >> >> * strtok_r() isn't available on Windows. We don't use it elsewhere in >> the postgres code, and it seemed unnecessary to have reentrant calls >> here, so I just replaced it with equivalent strtok() calls. >> * We were missing an NSS implementation of >> pgtls_verify_peer_name_matches_certificate_guts(). I supplied a >> dummy that's enough to get it building cleanly, but that needs to be >> filled in properly. >> >> >> There is still plenty of work to go, but this seemed a sufficient >> milestone to report progress on. >> >> > > OK, this version contains pre-generated nss files, and passes a full > buildfarm run including the ssl test module, with both openssl and NSS. > That should keep the cfbot happy :-) > > rebased on current master. cheers andrew -- Andrew Dunstan https://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Вложения
В списке pgsql-hackers по дате отправления: