On 03.02.22 15:53, Daniel Gustafsson wrote:
I see quite a few valid reasons to want an alternative, a few off the top of my
head include:
- Using trust stores like Keychain on macOS with Secure Transport. There is
AFAIK something similar on Windows and NSS has it's certificate databases.
Especially on client side libpq it would be quite nice to integrate with where
certificates already are rather than rely on files on disks.
- Not having to install OpenSSL, Schannel and Secure Transport would make life
easier for packagers.
Those are good reasons for Schannel and Secure Transport, less so for NSS.
- Simply having an alternative. The OpenSSL projects recent venture into
writing transport protocols have made a lot of people worried over their
bandwidth for fixing and supporting core features.
If we want simply an alternative, we had a GnuTLS variant almost done a
few years ago, but in the end people didn't want it enough. It seems to
be similar now.
