> On 9 May 2025, at 02:15, Tom Lane <t...@sss.pgh.pa.us> wrote: > Daniel Gustafsson <dan...@yesql.se> writes:
>> If we were to end up with a >> Libressl libtls implementation in libpq we'd still have to test with Libressl >> against the OpenSSL compat layer in libssl since it could act as both. Not a >> bridge we have to cross today but might be worth at least keeping in mind >> when >> designing something to not make it impossible in the future. > > Right. I think the attached would be amenable to that. It will be a bit awkward to ask "are you libressl" if we ever add support for something not OpenSSL based, but we could always revisit should that happen. > Further down the road, it seems inevitable that we'll need to have a > way of detecting the SSL library version --- for example, assuming > the LibreSSL folk eventually fix their RSA-PSS code, we'll need a > version-dependent test. That could be another new backend method, > I guess. Agreed. -- Daniel Gustafsson
