Re: [HACKERS] GnuTLS support

2017-11-02 Thread Andreas Karlsson
On 09/18/2017 07:04 PM, Jeff Janes wrote: > You fixed the first issue, but I still get the second one: be-secure-gnutls.c: In function 'get_peer_certificate': be-secure-gnutls.c:667: error: 'GNUTLS_X509_CRT_LIST_SORT' undeclared (first use in this function) be-secure-gnutls.c:667: error: (Each u

Re: [HACKERS] GnuTLS support

2017-09-18 Thread Jeff Janes
On Sun, Sep 17, 2017 at 2:17 PM, Andreas Karlsson wrote: > On 09/15/2017 06:55 PM, Jeff Janes wrote: > >> I can't build against gnutls-2.12.23-21.el6.x86_64 from CentOS 6.9 >> > > Thanks for testing my patch. I have fixed both these issues plus some of > the other feedback. A new version of my pa

Re: [HACKERS] GnuTLS support

2017-09-17 Thread Andreas Karlsson
On 09/15/2017 06:55 PM, Jeff Janes wrote: I can't build against gnutls-2.12.23-21.el6.x86_64 from CentOS 6.9 Thanks for testing my patch. I have fixed both these issues plus some of the other feedback. A new version of my patch is attached which should, at least in theory, support all GnuTLS

Re: [HACKERS] GnuTLS support

2017-09-15 Thread Jeff Janes
On Thu, Aug 31, 2017 at 10:52 AM, Andreas Karlsson wrote: > > > > = Work left to do > > - Test code with older versions of GnuTLS > I can't build against gnutls-2.12.23-21.el6.x86_64 from CentOS 6.9 be-secure-gnutls.c: In function 'be_tls_init': be-secure-gnutls.c:168: warning: implicit declar

Re: [HACKERS] GnuTLS support

2017-09-08 Thread Robert Haas
On Thu, Sep 7, 2017 at 10:35 PM, Tom Lane wrote: > I think we might be best off just playing it straight and providing > a config file that contains a section along these lines: > > # Parameters for OpenSSL. Leave these commented out if not using OpenSSL. > # > #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!

Re: [HACKERS] GnuTLS support

2017-09-07 Thread Tom Lane
Andreas Karlsson writes: > On 09/07/2017 11:34 PM, Tomas Vondra wrote: >> Well, people won't be able to set the inactive options, just like you >> can't set ssl=on when you build without OpenSSL support. But perhaps we >> could simply not include the inactive options into the config file, no? > Y

Re: [HACKERS] GnuTLS support

2017-09-07 Thread Andreas Karlsson
On 09/07/2017 11:34 PM, Tomas Vondra wrote: I am worried about having 3x version of TLS controls in postgresql.conf, and only one set being active. Perhaps we need to break out the TLS config to separate files or something. Anyway, this needs more thought. Well, people won't be able to set the

Re: [HACKERS] GnuTLS support

2017-09-07 Thread Magnus Hagander
On Thu, Sep 7, 2017 at 2:34 PM, Tomas Vondra wrote: > Hi, > > On 09/04/2017 04:24 PM, Bruce Momjian wrote: > > On Fri, Sep 1, 2017 at 12:09:35PM -0400, Robert Haas wrote: > >> I think that what this shows is that the current set of GUCs is overly > >> OpenSSL-centric. We created a set of GUCs t

Re: [HACKERS] GnuTLS support

2017-09-07 Thread Tomas Vondra
Hi, On 09/04/2017 04:24 PM, Bruce Momjian wrote: > On Fri, Sep 1, 2017 at 12:09:35PM -0400, Robert Haas wrote: >> I think that what this shows is that the current set of GUCs is overly >> OpenSSL-centric. We created a set of GUCs that are actually specific >> to one particular implementation but

Re: [HACKERS] GnuTLS support

2017-09-04 Thread David Fetter
On Fri, Sep 01, 2017 at 10:33:37PM +0200, Alvaro Herrera wrote: > Tom Lane wrote: > > Robert Haas writes: > > > On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson > > > wrote: > > > >> There are currently two failing SSL tests which at least to me seem more > > >> like they test specific OpenSS

Re: [HACKERS] GnuTLS support

2017-09-04 Thread Bruce Momjian
On Fri, Sep 1, 2017 at 12:09:35PM -0400, Robert Haas wrote: > I think that what this shows is that the current set of GUCs is overly > OpenSSL-centric. We created a set of GUCs that are actually specific > to one particular implementation but named them as if they were > generic. My idea about t

Re: [HACKERS] GnuTLS support

2017-09-02 Thread Alvaro Herrera
Tom Lane wrote: > Robert Haas writes: > > On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson wrote: > >> There are currently two failing SSL tests which at least to me seem more > >> like they test specific OpenSSL behaviors rather than something which needs > >> to be true for all SSL libraries.

Re: [HACKERS] GnuTLS support

2017-09-01 Thread Daniel Gustafsson
> On 01 Sep 2017, at 20:00, Robert Haas wrote: > > On Fri, Sep 1, 2017 at 1:10 PM, Tom Lane wrote: >> Robert Haas writes: >>> On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson wrote: I have seen discussions from time to time about OpenSSL and its licensing issues so I decided to see

Re: [HACKERS] GnuTLS support

2017-09-01 Thread Robert Haas
On Fri, Sep 1, 2017 at 1:10 PM, Tom Lane wrote: > Robert Haas writes: >> On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson wrote: >>> I have seen discussions from time to time about OpenSSL and its licensing >>> issues so I decided to see how much work it would be to add support for >>> another

Re: [HACKERS] GnuTLS support

2017-09-01 Thread Daniel Gustafsson
> On 01 Sep 2017, at 19:10, Tom Lane wrote: > > Robert Haas writes: >> On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson wrote: > >>> There are currently two failing SSL tests which at least to me seems more >>> like they test specific OpenSSL behaviors rather than something which need >>> to

Re: [HACKERS] GnuTLS support

2017-09-01 Thread Tom Lane
Robert Haas writes: > On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson wrote: >> I have seen discussions from time to time about OpenSSL and its licensing >> issues so I decided to see how much work it would be to add support for >> another TLS library, and I went with GnuTLS since it is the li

Re: [HACKERS] GnuTLS support

2017-09-01 Thread Robert Haas
On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson wrote: > I have seen discussions from time to time about OpenSSL and its licensing > issues so I decided to see how much work it would be to add support for > another TLS library, and I went with GnuTLS since it is the library I know > best after

[HACKERS] GnuTLS support

2017-08-31 Thread Andreas Karlsson
Hi, I have seen discussions from time to time about OpenSSL and its licensing issues so I decided to see how much work it would be to add support for another TLS library, and I went with GnuTLS since it is the library I know best after OpenSSL and it is also a reasonably popular library. A