>>> Personally I'd like to see this patch broken up a bit - it's quite
>>> large. Several of the changes could easily be committed separately, no?
>>
>> Not sure how much of this makes sense committed separately (unless separately
>> means in quick succession), but it could certainly be broken up for the sake of
>> making review easier.
>
> Committing e.g. the pgcrypto pieces separately from the backend code
> seems unproblematic. But yes, I would expect them to go in close to each
> other. I'm mainly concerned with smaller review-able units.
Attached is a v14 where the logical units are separated into individual
commits. I hope this split makes it easier to read.
The 0006 commit were things not really related to NSS at all that can be
submitted to -hackers independently of this work, but they're still there since
this version wasn't supposed to change anything.
Most of the changes to sslinfo in 0005 are really only needed in case OpenSSL
isn't the only TLS library, but I would argue that they should be considered
regardless. There we are still accessing the ->ssl member directly and passing
it to OpenSSL rather than using the be_tls_* API that we have. I can extract
that portion as a separate patch submission unless there are objections.
cheers ./daniel