>> Maybe we can create a lightweight throw-away context in a check hook and >> ensure >> the settings work? > > Yeah, I was envisioning something like that. The main trick would be > to ensure that we can't error out, but given that we'd mostly be > calling OpenSSL code, ensuring that there's no ereport(ERROR) > shouldn't be too hard.
This is sort being added as already as part of the SNI patchset, so I'll see if I can steal something from there in case that seems to miss the v19 train. > But I'd counsel getting the easy bits (1) and (2) out of the way > first. Absolutely, the attached is what I had planned for addressing this. -- Daniel Gustafsson
0002-doc-Add-note-to-ssl_group-config-on-X25519-and-FIPS.patch
Description: Binary data
0001-Avoid-using-the-X25519-curve-in-ssl-tests.patch
Description: Binary data
