<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi,<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jun 15, 2016, at 9:26 AM, Andre LaBranche <<a href="mailto:dre@apple.com" class="">dre@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><br class=""><blockquote type="cite" class="">On Jun 14, 2016, at 4:46 AM, Axel Rau <<a href="mailto:Axel.Rau@chaos1.de" class="">Axel.Rau@Chaos1.DE</a>> wrote:<br class=""><br class="">Shall I report a bug for this?<br class=""></blockquote><br class="">Yeah, looks like we don't accept tcps.<br class=""></div></div></blockquote><div><br class=""></div><div>I tried the most naive thing I could think of, since I believe none of the parameters we pass down to pg8000 are TLS-aware - I think it's a negotiation that happens at connect time.</div><div><br class=""></div><div><font face="Monaco" class="">Index: txdav/base/datastore/dbapiclient.py<br class="">===================================================================<br class="">--- txdav/base/datastore/dbapiclient.py<span class="Apple-tab-span" style="white-space:pre"> </span>(revision 15694)<br class="">+++ txdav/base/datastore/dbapiclient.py<span class="Apple-tab-span" style="white-space:pre"> </span>(working copy)<br class="">@@ -218,7 +218,7 @@<br class=""> else:<br class=""> self.port = None<br class=""> self.host = None<br class="">- elif self.endpoint.startswith("tcp:"):<br class="">+ elif self.endpoint.startswith("tcp:") or self.endpoint.startswith("tcps:"):<br class=""> self.unixsocket = None<br class=""> self.host = self.endpoint[4:]<br class=""> if ":" in self.host:</font></div><div><br class=""></div><div>However in trying to test this, I realized that we don't build postgres with SSL support. When I added "--with-openssl" to the PG configure args (in bin/_build.sh), it blows up on me because my OS vendor totally doesn't ship openssl headers, and I'm not trying to solve that right now... but maybe I can get it going via Homebrew. In the mean time, feel free to try the above patch and let me know if it 'just works' :)</div><div><br class=""></div><div>-dre</div></div></div></body></html>