Hi, On 11/02/2017 11:33 PM, Andreas Karlsson wrote: > On 09/18/2017 07:04 PM, Jeff Janes wrote:> You fixed the first issue, > but I still get the second one: >> >> be-secure-gnutls.c: In function 'get_peer_certificate': >> be-secure-gnutls.c:667: error: 'GNUTLS_X509_CRT_LIST_SORT' undeclared >> (first use in this function) >> be-secure-gnutls.c:667: error: (Each undeclared identifier is reported >> only once >> be-secure-gnutls.c:667: error: for each function it appears in.) > > Thanks again for testing the code. I have now rebased the patch and > fixed the second issue. I tested that it works on CentOS 6. > > Work which remains: > > - sslinfo > - pgcrypto > - Documentation > - Decide if what I did with the config is a good idea >
I don't want to be the annoying guy, but this patch no longer applies due to 642bafa0c5f9f08d106a14f31429e0e0c718b603 touching the tests :-( BTW regarding the config, I believe you've kept is static (no hiding of sections based on configure parameters), and you've separated the openssl and gnutls options, right? Seems fine to me. The one thing is that it was proposed to rename the openssl-specific options to start with openssl_ instead of ssl_. One question though. What happens when you do ./configure --with-openssl --with-gnutls If I get it right we ignore gnutls and use openssl (as it's the first checked in #ifdefs). Shouldn't we enforce in configure that only one TLS implementation is enabled? Either by some elaborate check, or by switching to something like --with-ssl=(openssl|gnutls) regards -- Tomas Vondra http://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services