On 11/26/17 20:05, Andreas Karlsson wrote:
> I have now implemented this in the attached patch (plus added support
> for channel binding and rebased it) but I ran into one issue which I
> have not yet solved. The script for the Windows version takes the
> --with-openssl=<path> switch so that cannot just be translated to a
> single --with-ssl switch. Should we have both --with-openssl and
> --with-gnutls or --with-ssl=(openssl|gnutls) and --with-ssl-path=<path>?
> I also do not know the Windows build code very well (or really at all).

This patch appears to work well.

As I had mentioned previously, I'm not fond of changing the existing
configure flags, and given the above issue, I'd just leave everything as
is and add --with-gnutls.

The patch contains a purported GUC variable gnutls_priority, but it is
not documented or used anywhere.

There are some test cases that are marked to be skipped. We should
document why that is.

I see a potential problem with the SCRAM channel binding support.
GnuTLS will not support tls-server-endpoint, so we'll need to check what
happens when a client requests that. (That's not the problem of this
patch, however.)

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services