Peter Eisentraut wrote:
> On Friday 08 May 2009 22:03:56 Tom Lane wrote:
>> I hesitate though to suggest that we think about porting
>> ourselves to NSS --- I'm not sure that there would be benefits to us
>> within the context of Postgres alone.
>
> That could be attractive if we ripped out the OpenSSL code at the same time,
> as the NSS API is purportedly more abstract and presumably would reduce the
> amount and the complexity of the code.
Is NSS available on all the platforms that we are (and that has OpenSSL
today)?
Another thought: if we were to make ourselves support multiple SSL
libraries (that has been suggested before - at that point, people wanted
GnuTLS), we could also add support for Windows SChannel, which I'm sure
some win32 people would certainly prefer - much easier to do SSL
deployments within an existing MS infrastructure...
But no, that certainly wouldn't *reduce* the amount of code...
//Magnus