On 03.02.22 15:53, Daniel Gustafsson wrote:
> I see quite a few valid reasons to want an alternative, a few off the top of my
> head include:
>
> - Using trust stores like Keychain on macOS with Secure Transport. There is
> AFAIK something similar on Windows and NSS has it's certificate databases.
> Especially on client side libpq it would be quite nice to integrate with where
> certificates already are rather than rely on files on disks.
>
> - Not having to install OpenSSL, Schannel and Secure Transport would make life
> easier for packagers.
Those are good reasons for Schannel and Secure Transport, less so for NSS.
> - Simply having an alternative. The OpenSSL projects recent venture into
> writing transport protocols have made a lot of people worried over their
> bandwidth for fixing and supporting core features.
If we want simply an alternative, we had a GnuTLS variant almost done a
few years ago, but in the end people didn't want it enough. It seems to
be similar now.