On 06/09/2014 02:53 PM, Magnus Hagander wrote:
Also, my memory says that SChannel doesn't support the key file format that
we use now, which makes a much bigger break with the supported platforms.
That may have changed of course - have you researched that part?

A quick web search turned up a few discussion forums threads with a recipe for this (e.g https://stackoverflow.com/questions/1231178/load-an-x509-pem-file-into-windows-cryptoapi). There's no direct "read this file" function, but there are low-level functions that can decode the file format once it's read into memory. So it seems possible to make it work.

It's also a question of if we can accept supporting a different set of
libraries on the server vs on the client. It's really on the client that
it's a bigger problem, but in the end I think we want to have "symmetrical
support". But it might be worth doing just the client side initially, and
then move to the server. I think in general, the client side is actually
likely to be *harder* than the server side..

Once we've modified the client to support multiple libraries, it's probably not much extra effort to do the same to the server. I wouldn't like to support different libraries in client and server, if only because it would be more complicated to have separate ./configure options for client and server.

- Heikki


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to