Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w43Ef-001osJ-0N for pgsql-hackers@arkaria.postgresql.org; Sat, 21 Mar 2026 20:47:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w43Eb-00Bdtu-3D for pgsql-hackers@arkaria.postgresql.org; Sat, 21 Mar 2026 20:47:50 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w43Eb-00Bdtl-1c for pgsql-hackers@lists.postgresql.org; Sat, 21 Mar 2026 20:47:50 +0000 Received: from mail-ej1-x62b.google.com ([2a00:1450:4864:20::62b]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1w43EZ-00000000NFh-1yFa for pgsql-hackers@lists.postgresql.org; Sat, 21 Mar 2026 20:47:48 +0000 Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-b97bca3797dso384892066b.0 for ; Sat, 21 Mar 2026 13:47:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774126064; cv=none; d=google.com; s=arc-20240605; b=ZZaTRLguZiGgubU6nreHGpvZ49LwP8GK732hK05W4f7aSd9VaDZvtIBK+Ygy8X+GiR XWt3Eh2qTqVcDciu1GofRoPiVtUv71r2V940aSFFzoIYFP8L3XXWrjrcjnYZRzA9gxx7 8X9PLMiPZd1P2ae4hZb2k4XX8wTW+jvMRsQDmu8JeqpAHImatDO/cHNjA7LaoXldcWQG XArZR8zw13qDDqmKwVTbwzPXRCK8hMCk4/cAedepj0JOl02u5/HtrCymVre/ZMdVimXb avaS5iOIJrPkFZCfw3i6FuSMsjVEZaGIzyXIxq++YFL/ucx97HuxhG3JFci/TNgVSYiF X9yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=QZJ56xB0S08KEegcYNzAX5CGm6uAWJwXWC1iHZcpMco=; fh=CPnr16S5x5GIOa1yU51EdRX6EHc4eM1bSrYtquS+7+0=; b=ckcwvEdHiixfr1jjlYeSHrqEy8hYZjOEISOQ6lIi7o3C/kAnrHm85Yan69tB/D+2nR AovpNWMV3BEdH1mEbmNuOwi85Pq6dRJxgj2Vi9EUJlF4bHfTb3nCph9hi37RJNVV91bi wajMNvrI741joPyzVtq8w1ICj/l5cBeZozc1OtF9zFIMuDUQ74N4jovCXu3PSdjho6DR l69tnbBhEXLj0OgMQZy1BvYdrwHsxviMIn1EyVPZsWz0DPH43dP4JzTNN35RmsysIXrJ vMATZ8dvqMtzOZCQeDDbBGioiHKvdjC7nVsVon++uEA6S+pmX5Bn68yDbBDZkI8bumVM YGJg==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1774126064; x=1774730864; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=QZJ56xB0S08KEegcYNzAX5CGm6uAWJwXWC1iHZcpMco=; b=MFy4lfBcBbm6fcYsAytmmyFYegZjOoyPhUH6IAhB2G7gR5UzPNaUfe6CJtln1fz7r3 8/HfesXhARFZnAnNCq+/Fyac4Tcwthbdky5vQBsz7GidLsVn5fz0E5oGsxS2hfLJLtGg 3NVQ8dOAYKm368zuYH1gD41ywqgPRdyczTRHipHnieHIGHyJ6k7sE6lfbDSYE8+D2H2n jxOjeBvmpCVDvVG/UT5mu0k2OGPT+qAPYlCGmDjojGVPiHti4jbyl3ykwLjbtbXGQ84C ahDa2blhsDsWd20H0oIqHXBXm5RD3tO+0tt/DmSgA5SXUku181BYov4W13DEjsLzuzuX hC3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774126064; x=1774730864; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=QZJ56xB0S08KEegcYNzAX5CGm6uAWJwXWC1iHZcpMco=; b=WKnTT3DeYwfVpm9xZmkZcD8+JFnBtcTth+e4lxJCQu1L4WN9CtiV691sz2q7KTrXby YupXQYFlEossgLW2QSb4BLQS0VEO9G9mB/nw0xFGcGULQcEmTQFu06xczYDNArQ6YdNt x7FL8rJvVUTQTGpZVLwDdb8tyIePkqamRHtD78QNpPHr8ALQH8nXwHzGri72bUDLlAsQ FNh6HPWi2Z90liSOEKQS+AH5S5R7iVKAEJcsu4YrW8TIHEBf3+e1s/2SWTikba2VNHEM R1zudfiemXMob5vrKTCrCPUxPfDcTLWo/HO8CFkc9zFubJDUgSzjQ4LhtQdiB2Ui+W2c dx/g== X-Gm-Message-State: AOJu0YwOLQIAyDtdmPOfK5NE4yq/O6VimGPkHkkm07Gr9RA06z2+igCa mk8k2tcB4xFKM6ZEblINSePrDDJ7ExKdm+14D6fbmQJD0zh10eFM7j4ydgwV01J86ENuBmiB5ST Z2eDbGBnanWqTfj9vU6SQLeCGhTfBPDk= X-Gm-Gg: ATEYQzw8Cc/n1YEkS8sekIcW68qdAhsPXkOQVvpm9YhS08dgrkpMXrakImt2gYynVZZ 972w3hCUr5BVwpMBJZQMVZnu0+yiX9se0LlNjm3xRaYDbYmsh4c+YCETqPxhv5IpO/FNc2jusIJ Dov2zmtkAhkZPRudodLt/AGI1QMxuDOpQyNYKH/ICKvo55GrIpBoGZym7BE088QFJGH+Jevgyf2 AbWS/rQUBQYC4teqxOya6K+r9ECp4ZUlhogq4eC5XPti24+Dhp/6jBpjMChBGcaCDY+fjKgJ9Pl tsxxvo7XApnMJ1v1vOB5dPoDaLvjett6VJagYg== X-Received: by 2002:a17:907:c992:b0:b97:a428:b3c2 with SMTP id a640c23a62f3a-b982f0c7fafmr398729466b.4.1774126064220; Sat, 21 Mar 2026 13:47:44 -0700 (PDT) MIME-Version: 1.0 References: <9C26F7E9-80F4-400C-B5F4-A32992ABDBE0@yesql.se> In-Reply-To: <9C26F7E9-80F4-400C-B5F4-A32992ABDBE0@yesql.se> From: Javier Gutierrez-Maturana sanchez Date: Sat, 21 Mar 2026 21:47:33 +0100 X-Gm-Features: AaiRm50e9lX5ilH5ECXT1p3dHWoUDGP3piCXMVCXcKfFLG6yvXiHKSg--GtlmV0 Message-ID: Subject: Re: Proposal: Implementing Botan as an alternative TLS backend for PostgreSQL To: daniel@yesql.se Cc: PostgreSQL Hackers , Enrique Soriano , Gorka Guardiola Content-Type: multipart/alternative; boundary="000000000000d83d9b064d8ee970" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000d83d9b064d8ee970 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Daniel, =E2=80=8BI appreciate the pointer. You are correct that the abstraction of = the SSL layer is a topic that has surfaced on the mailing list multiple times over the last decade. =E2=80=8BHowever, my intention is not to disregard the project's history, b= ut rather to re-evaluate the technical viability under current architectural conditions. One of the primary historical hurdles for integrating modern libraries like Botan into a C-based project like PostgreSQL has been Botan's reliance on Boost.Asio or C++-centric asynchronous I/O models for communications management. =E2=80=8BTechnical Complexity: The ASIO Integration Challenge =E2=80=8BIn analyzing the current integration, I see several critical point= s that differentiate the current landscape from the debates of ten years ago: =E2=80=8BImpedance Mismatch (ASIO vs. Postgres): Botan=E2=80=99s TLS architecture often defaults to a data-flow model or rel= ies on Boost.Asio for event handling. Mapping this to PostgreSQL=E2=80=99s process= -based, synchronous socket model introduces significant complexity. Bridging a C++-heavy asynchronous event loop into a legacy C codebase without introducing "callback hell" is a non-trivial engineering task. =E2=80=8BSignal and Memory Management: Integrating a C++ runtime requires careful handling of PostgreSQL's custom memory management (palloc) and signal handling (Longjmp-based error recovery), which can conflict with C++ exception handling and ASIO's internal state. =E2=80=8BAI-Assisted Refactoring: A key differentiator today is the advent = of Advanced AI Agents. These tools significantly lower the overhead of large-scale refactorings. Tasks that were previously deemed too labor-intensive=E2=80=94such as abstr= acting be-secure-openssl.c into a generic provider interface=E2=80=94can now be ex= ecuted with much higher precision and consistent boilerplate generation, allowing developers to focus on the high-level architectural integrity. =E2=80=8BWhy Reopen the Discussion Now? =E2=80=8BMy proposal stems from the need to comply with security agency reg= ulations (such as the CCN in Spain), which are beginning to mandate cryptographic agility and Post-Quantum Cryptography (PQC) readiness. Botan offers a native path toward PQC that is currently more complex to maintain solely through OpenSSL patches or oqs providers. =E2=80=8BI have developed a reference model (mentioned in the previous Appe= ndix) using a proxy to mitigate this coupling, but I believe an internal abstraction would benefit the core=E2=80=99s long-term resilience. =E2=80=8BIs there a specific design document or thread from previous attemp= ts that you consider "required reading" so I can avoid repeating past architectural mistakes in a potential patch proposal? =E2=80=8BBest regards, El s=C3=A1b, 21 mar 2026, 21:11, Daniel Gustafsson escrib= i=C3=B3: > > On 21 Mar 2026, at 19:44, Javier Gutierrez-Maturana sanchez < > fj.gutierrezs91@gmail.com> wrote: > > > I would like to start a discussion regarding the feasibility of > decoupling our current TLS implementation to allow for alternative > cryptographic backends, specifically **Botan** (via its C wrapper). > > You should perhaps start by doing basic level research, since we did that > over > a decade ago. > > -- > Daniel Gustafsson > > --000000000000d83d9b064d8ee970 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Daniel,

<= /div>
=E2=80=8BI appreciate the pointer. You are correct t= hat the abstraction of the SSL layer is a topic that has surfaced on the ma= iling list multiple times over the last decade.
=E2= =80=8BHowever, my intention is not to disregard the project's history, = but rather to re-evaluate the technical viability under current architectur= al conditions. One of the primary historical hurdles for integrating modern= libraries like Botan into a C-based project like PostgreSQL has been Botan= 's reliance on Boost.Asio or C++-centric asynchronous I/O models for co= mmunications management.


=E2=80=8BTechnical Complexity: The ASIO Integr= ation Challenge


=E2=80=8BIn analyzing the current integration, I see se= veral critical points that differentiate the current landscape from the deb= ates of ten years ago:

= =E2=80=8BImpedance Mismatch (ASIO vs. Postgres):
Botan=E2=80=99s TLS architecture often defaults to= a data-flow model or relies on Boost.Asio for event handling. Mapping this= to PostgreSQL=E2=80=99s process-based, synchronous socket model introduces= significant complexity. Bridging a C++-heavy asynchronous event loop into = a legacy C codebase without introducing "callback hell" is a non-= trivial engineering task.


=E2=80=8BSignal and Memory Management:
<= div dir=3D"auto">
Integrating a C++ runtime requ= ires careful handling of PostgreSQL's custom memory management (palloc)= and signal handling (Longjmp-based error recovery), which can conflict wit= h C++ exception handling and ASIO's internal state.


=E2=80=8BAI-Ass= isted Refactoring: A key differentiator today is the advent of Advanced AI = Agents.

These tools sign= ificantly lower the overhead of large-scale refactorings. Tasks that were p= reviously deemed too labor-intensive=E2=80=94such as abstracting be-secure-= openssl.c into a generic provider interface=E2=80=94can now be executed wit= h much higher precision and consistent boilerplate generation, allowing dev= elopers to focus on the high-level architectural integrity.

=E2=80=8BWhy Reopen the Discussion No= w?

=E2=80=8BMy proposal = stems from the need to comply with security agency regulations (such as the= CCN in Spain), which are beginning to mandate cryptographic agility and Po= st-Quantum Cryptography (PQC) readiness. Botan offers a native path toward = PQC that is currently more complex to maintain solely through OpenSSL patch= es or oqs providers.

=E2= =80=8BI have developed a reference model (mentioned in the previous Appendi= x) using a proxy to mitigate this coupling, but I believe an internal abstr= action would benefit the core=E2=80=99s long-term resilience.

=E2=80=8BIs there a specific design d= ocument or thread from previous attempts that you consider "required r= eading" so I can avoid repeating past architectural mistakes in a pote= ntial patch proposal?

= =E2=80=8BBest regards,

El s=C3=A1b, 21 mar 2026, 21:11, Daniel Gustafsson &l= t;d= aniel@yesql.se> escribi=C3=B3:
> On 21 Mar 2026, at 19:44, Javier Gutierrez-Maturana sanchez <fj.gutierrezs91@gmail.com> wrote:

> I would like to start a discussion regarding the feasibility of decoup= ling our current TLS implementation to allow for alternative cryptographic = backends, specifically **Botan** (via its C wrapper).

You should perhaps start by doing basic level research, since we did that o= ver
a decade ago.

--
Daniel Gustafsson

--000000000000d83d9b064d8ee970--