-----Original Message----- From: "Tom Lane"<tgl@xxxxxxxxxxxxx> Sent: 22/04/06 18:23:58 To: "Dave Page"<dpage@xxxxxxxxxxxxxxxxxx> Cc: "kleptog@xxxxxxxxx"<kleptog@xxxxxxxxx>, "pgsql-general@xxxxxxxxxxxxxx"<pgsql-general@xxxxxxxxxxxxxx> Subject: Re: [GENERAL] Debian package for freeradius_postgresql module > Dave, weren't you paying attention to the recent discussion? GnuTLS > support will break anything using PQgetSSL, Yes - it was Martijn's implication that we shouldn't be using the API in the way we are that I objected to. In my last email you'll note that I did ask him to provide an equivalent PQgetssl function in his patch to allow us to work with GnuTls in the same way that we do with OpenSSL. Regards, Dave -----Unmodified Original Message----- "Dave Page" <dpage@xxxxxxxxxxxxxxxxxx> writes: > From: "Martijn van Oosterhout"<kleptog@xxxxxxxxx> >> Well, you need to be careful here. Just installing GnuTLS support as is >> will break the latest release of psqlODBC, because they do things with >> libpq that it wasn't really designed for. > Err, what? It uses PQsocket & PQgetssl, both of which are official, > supported functions that may be being used by countless other apps for > all we know. Dave, weren't you paying attention to the recent discussion? GnuTLS support will break anything using PQgetSSL, because it can't return an OpenSSL struct if the underlying SSL library is GnuTLS. The current thought is to return NULL, so as not to have apps actually crash by trying to pass a GnuTLS struct to OpenSSL routines, but that isn't going to make psqlODBC *work* in such a situation. You'd need to add code that knows how to work with GnuTLS. Martijn is being a bit disingenuous by giving the impression that acceptance of his patch is a done deal. The compatibility issues are serious enough that it's quite possible we'll reject it. regards, tom lane