| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Pgsql Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Serverside SNI support in libpq |
| Date: | 2025-02-27 13:38:24 |
| Message-ID: | 0BC5B9B1-6503-4563-AAC6-33DEF264AE3F@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 24 Feb 2025, at 22:51, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Wed, Feb 19, 2025 at 3:13 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>> Are there any blockers for getting this in?
>
>> + SSL_context = ssl_init_context(isServerStart, host);
>
> I'm still not quite following the rationale behind the SSL_context
> assignment. To maybe illustrate, attached are some tests that I
> expected to pass, but don't.
>
> After adding an additional host and reloading the config, the behavior
> of the original fallback host seems to change. Am I misunderstanding
> the designed fallback behavior, have I misdesigned my test, or is this
> a bug?
Thanks for the tests, they did in fact uncover a bug in how fallback was
handled which is now fixed. In doing so I revamped how the default context
handling is done, it now always use the GUCs in postgresql.conf for
consistency. The attached v6 rebase contains this as well as your tests as
well as general cleanup and comment writing etc.
--
Daniel Gustafsson
| Attachment | Content-Type | Size |
|---|---|---|
| v6-0001-Serverside-SNI-support-for-libpq.patch | application/octet-stream | 50.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2025-02-27 13:54:56 | Re: Logging which local address was connected to in log_line_prefix |
| Previous Message | Ranier Vilela | 2025-02-27 13:23:31 | Re: Small memory fixes for pg_createsubcriber |