On 06/09/2014 02:53 PM, Magnus Hagander wrote:
> Also, my memory says that SChannel doesn't support the key file format that we use now, which makes a much bigger break with the supported platforms. That may have changed of course - have you researched that part?
A quick web search turned up a few discussion forum threads with a recipe for this (e.g. https://stackoverflow.com/questions/1231178/load-an-x509-pem-file-into-windows-cryptoapi). There's no direct "read this file" function, but there are low-level functions that can decode the file format once it's read into memory. So it seems possible to make it work.
> It's also a question of if we can accept supporting a different set of libraries on the server vs on the client. It's really on the client that it's a bigger problem, but in the end I think we want to have "symmetrical support". But it might be worth doing just the client side initially, and then move to the server. I think in general, the client side is actually likely to be *harder* than the server side..
Once we've modified the client to support multiple libraries, it's probably not much extra effort to do the same to the server. I wouldn't like to support different libraries in client and server, if only because it would be more complicated to have separate ./configure options for client and server.
- Heikki