Hi Christoph,

On Fri, Jun 26, 2020 at 2:51 PM Christoph Berg <m...@debian.org> wrote:
>
> > post it
> as a WIP patch on the pgsql-hack...@postgresql.org list

I just did it.

> Do you think renaming the types in wolfSSL is feasible?

Probably.

> I don't even know what "ValidateDate" is

Neither do I, but a #define HAVE bracket suggests it's a standard function. Unfortunately, the arguments to the PostgreSQL version look totally different. Maybe we can rename ours, or isolate. It's used less often.

> > 1. DH parameters are not currently loaded from a database-internal PEM

Fortunately, I don't think it's a seed. The code states:

    /*
     * Set DH parameters for generating ephemeral DH keys. The
     * DH parameters can take a long time to compute, so they must be
     * precomputed.
     *
     * Since few sites will bother to create a parameter file, we also
     * provide a fallback to the parameters provided by the OpenSSL
     * project.
     *
     * These values can be static (once loaded or computed) since the
     * OpenSSL library can efficiently generate random keys from the
     * information provided.
     */

> Do you mean the module shouldn't use the OpenSSL compat layer?

I am not sure. It definitely cannot use the EVP portion, which provides standardized access to cryptographic primitives. Maybe the module should switch to the native interface.

> > That is what the routine being mimicked does in wolfSSL.

This code comment will help you figure out what I meant:

    /* This should exactly match OpenSSL's SSL_set_fd except for using my BIO */

Please have a good vacation, and get some rest!

Kind regards
Felix Lechner