On 3/8/18 20:13, Peter Eisentraut wrote:
> In the thread about Secure Transport we agreed to move the consideration
> of new SSL libraries to PG12.
>
> Here is my current patch, after all the refactorings.
>
> The status is that it works fine and could be used.
>
> There are two failures in the SSL tests that I cannot explain. The
> tests are for some rather obscure configurations, so the changed
> behaviors are not obviously wrong, perhaps legitimate implementation
> differences. But someone wrote those tests with a purpose (probably),
> so we should have some kind of explanation for the regressions.
>
> Other non-critical, nice-to-have issues:
>
> - Do something about sslinfo, perhaps fold into pg_stat_ssl view.
> - Do something about pgcrypto.
> - Add tests for load_dh_file().
> - Implement channel binding tls-server-end-point.
Also, ...
- Add ssl_passphrase_command support.
I'm moving this patch forward to CF 2018-09, since it's not going to be
ready for -07, and we're still whacking around some channel binding
details, which would potentially interfere with this patch.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services