Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > On Thu, Dec 17, 2020 at 12:10:22PM -0500, Bruce Momjian wrote: > > Agreed. I think there is serious risk we would do AES in a different > > way than OpenSSL, especially if I did it. ;-) We can add a native AES > > one day if we want, but as stated by Michael Paquier, it has to be > > tested so we are sure it returns exactly the same values as OpenSSL. > > I think that it would be good to put some generalization here, and > look at options that are offered by other SSL libraries, like libnss > so as we don't finish with a design that restricts the use of a given > feature only to OpenSSL.
While I agree with the general idea proposed here, I don't know that we need to push super hard on it to be somehow perfect right now because it simply won't be until we actually add support for another library, and I don't think that's really this patch's responsibility. So, yes, let's lay the groundwork and structure and perhaps spend a bit of time looking at other libraries, but not demand this patch also add support for a second library today, and accept that that means that the structure we put in place may not end up being exactly perfect. Thanks, Stephen
signature.asc
Description: PGP signature
