> On 01 Sep 2017, at 20:00, Robert Haas <robertmh...@gmail.com> wrote: > > On Fri, Sep 1, 2017 at 1:10 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> Robert Haas <robertmh...@gmail.com> writes: >>> On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson <andr...@proxel.se> wrote: >>>> I have seen discussions from time to time about OpenSSL and its licensing >>>> issues so I decided to see how much work it would be to add support for >>>> another TLS library, and I went with GnuTLS since it is the library I know >>>> best after OpenSSL and it is also a reasonably popular library. >> >>> Thanks for working on this. I think it's good for PostgreSQL to have >>> more options in this area. >> >> +1. We also have a patch in the queue to support macOS' TLS library, >> and I suppose that's going to be facing similar issues. It would be >> a good plan, probably, to try to push both of these to conclusion in >> the same development cycle. > > The thing which I think would save the most aggravation - at least for > my employer - is a Windows SSL implementation.
In 53ea546e.6020...@vmware.com, an early version of SChannel support was posted by Heikki. If anyone is keen to pick up the effort that would most likely be a good starting point. > Relying on OpenSSL > means that every time OpenSSL puts out a critical security fix, we've > got to rewrap all the Windows installers to pick up the new version. > If we were relying on what's built into Windows, it would be > Microsoft's problem. Granted, it's not anybody's job to solve > EnterpriseDB's problems except EnterpriseDB, but users might like it > too -- and anyone else who is building Windows installers for > PostgreSQL. > > Depending on macOS TLS instead of OpenSSL has similar advantages, of > course, just for a somewhat less common platform. I think providing alternatives to OpenSSL on platforms where OpenSSL can’t be relied on to be already available (Windows and macOS come to mind) would be a great thing for many users and app developers. cheers ./daniel -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
