public inbox for [email protected]
help / color / mirror / Atom feedFrom: Andrew Dunstan <[email protected]>
To: Daniel Gustafsson <[email protected]>
Cc: Postgres hackers <[email protected]>
Cc: Stephen Frost <[email protected]>
Subject: Re: Support for NSS as a libpq TLS backend
Date: Fri, 31 Jul 2020 16:44:46 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
On 7/15/20 6:18 PM, Daniel Gustafsson wrote:
>> On 15 Jul 2020, at 20:35, Andrew Dunstan <[email protected]> wrote:
>>
>> On 5/15/20 4:46 PM, Daniel Gustafsson wrote:
>>> My plan is to keep hacking at this to have it reviewable for the 14 cycle, so
>>> if anyone has an interest in NSS, then I would love to hear feedback on how it
>>> works (and doesn't work).
>> I'll be happy to help, particularly with Windows support and with some
>> of the callback stuff I've had a hand in.
> That would be fantastic, thanks! The password callback handling is still a
> TODO so feel free to take a stab at that since you have a lot of context on
> there.
>
> For Windows, I've include USE_NSS in Solution.pm as Thomas pointed out in this
> thread, but that was done blind as I've done no testing on Windows yet.
>
OK, here is an update of your patch that compiles and runs against NSS
under Windows (VS2019).
In addition to some work that was missing in src/tools/msvc, I had to
make a few adjustments, including:
* strtok_r() isn't available on Windows. We don't use it elsewhere in
the postgres code, and it seemed unnecessary to have reentrant calls
here, so I just replaced it with equivalent strtok() calls.
* We were missing an NSS implementation of
pgtls_verify_peer_name_matches_certificate_guts(). I supplied a
dummy that's enough to get it building cleanly, but that needs to be
filled in properly.
There is still plenty of work to go, but this seemed a sufficient
milestone to report progress on.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
view thread (181+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Support for NSS as a libpq TLS backend
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox