Seth Robertson wrote: > In message <14727.1241816...@sss.pgh.pa.us>, Tom Lane writes: > > > It is of course possible to support both at the same time (at > > compile-time, if nowhere else). > > Yes, I suppose we'd not wish to just drop openssl completely. > I wonder how much code duplication would ensue from a compile-time > choice of which library to use ... > > My only datapoint for you is curl, which is an application I happen to > have discovered that can use either NSS and OpenSSL. > > Lines Words Chars Filename > 2508 7890 74682 ssluse.c > 1331 3708 36411 nss.c
IIRC, they also support gnutls. So we can probably get hints there about how to get this support if we want to :-) > I imagine that you would more or less have to provide a different > be-secure.c and fe-secure.c file for the two different > libraries--whether as a separate file or via #ifdefs. It looks like > there is a small amount of common code present (why *is* > pg_block_sigpipe() in that file anyway?) Clearly this would be a good time to fix such abstraction errors if we decide to go ahead :-) -- Magnus Hagander Self: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
