Re: Support for NSS as a libpq TLS backend

Поиск
Список
Период
Сортировка
От Jacob Champion
Тема Re: Support for NSS as a libpq TLS backend
Дата
Msg-id 80791713766697b7d121baf418940365b2b06b1b.camel@vmware.com
обсуждение исходный текст
Ответ на Re: Support for NSS as a libpq TLS backend  (Andres Freund <andres@anarazel.de>)
Список pgsql-hackers
Дерево обсуждения 
On Wed, 2022-01-26 at 15:59 -0800, Andres Freund wrote:
> > > Do we have a testcase for embedded NULLs in common names?
> > 
> > We don't, neither for OpenSSL or NSS.  AFAICR Jacob spent days trying to get a
> > certificate generation to include an embedded NULL byte but in the end gave up.
> > We would have to write our own tools for generating certificates to add that
> > (which may or may not be a bad idea, but it hasn't been done).
> 
> Hah, that's interesting.

Yeah, OpenSSL just refused to do it, with any method I could find at
least. My personal test suite is using pyca/cryptography and psycopg2
to cover that case.

--Jacob

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Andres Freund
Дата:
Сообщение: Re: Support for NSS as a libpq TLS backend
Следующее
От: Michael Paquier
Дата:
Сообщение: Re: make MaxBackends available in _PG_init