> On 28 Jan 2021, at 07:06, Michael Paquier <mich...@paquier.xyz> wrote: > On Wed, Jan 27, 2021 at 06:47:17PM +0000, Jacob Champion wrote:
>> Since SSL is an obsolete term, and the choice of OpenSSL vs NSS vs >> [nothing] affects server operation (such as cryptohash) regardless of >> whether or not connection-level TLS is actually used, what would you >> all think about naming this option --with-crypto? I.e. >> >> --with-crypto=openssl >> --with-crypto=nss > > Looking around, curl has multiple switches for each lib with one named > --with-ssl for OpenSSL, but it needs to be able to use multiple > libraries at run time. To be fair, if we started over in curl I would push back on --with-ssl meaning OpenSSL but that ship has long since sailed. > I can spot that libssh2 uses what you are > proposing. It seems to me that --with-ssl is a bit more popular but > not by that much: wget, wayland, some apache stuff (it uses a path as > option value). Anyway, what you are suggesting sounds like a good in > the context of Postgres. Daniel? SSL is admittedly an obsolete technical term, but it's one that enough people have decided is interchangeable with TLS that it's not a hill worth dying on IMHO. Since postgres won't allow for using libnss or OpenSSL for cryptohash *without* compiling SSL/TLS support (used or not), I think --with-ssl=LIB is more descriptive and less confusing. -- Daniel Gustafsson https://vmware.com/
