Robert Haas <robertmh...@gmail.com> writes: > On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson <andr...@proxel.se> wrote: >> I have seen discussions from time to time about OpenSSL and its licensing >> issues so I decided to see how much work it would be to add support for >> another TLS library, and I went with GnuTLS since it is the library I know >> best after OpenSSL and it is also a reasonably popular library.
> Thanks for working on this. I think it's good for PostgreSQL to have > more options in this area. +1. We also have a patch in the queue to support macOS' TLS library, and I suppose that's going to be facing similar issues. It would be a good plan, probably, to try to push both of these to conclusion in the same development cycle. > I think that what this shows is that the current set of GUCs is overly > OpenSSL-centric. We created a set of GUCs that are actually specific > to one particular implementation but named them as if they were > generic. My idea about this would be to actually rename the existing > GUCs to start with "openssl" rather than "ssl", and then add new GUCs > as needed for other SSL implementations. Works for me. >> There are currently two failing SSL tests which at least to me seems more >> like they test specific OpenSSL behaviors rather than something which need >> to be true for all SSL libraries. > I don't know what we should do about these issues. Maybe the SSL test suite needs to be implementation-specific as well. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers