| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL SNI |
| Date: | 2021-04-07 13:32:55 |
| Message-ID: | 4bf3ae1c-b28e-8960-e89f-c390c5cf01a2@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 18.03.21 12:27, Peter Eisentraut wrote:
> On 25.02.21 19:36, Jacob Champion wrote:
>> On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
>>> Just as additional data points, it has come to my attention that both
>>> the Go driver ("lib/pq") and the JDBC environment already send SNI
>>> automatically. (In the case of JDBC this is done by the Java system
>>> libraries, not the JDBC driver implementation.)
>>
>> For the Go case it's only for sslmode=verify-full, and only because the
>> Go standard library implementation does it for you automatically if you
>> request the builtin server hostname validation. (I checked both lib/pq
>> and its de facto replacement, jackc/pgx.) So it may not be something
>> that was done on purpose by the driver implementation.
>
> Here is a new patch with an option to turn it off, and some
> documentation added.
Committed like that. (Default to on, but it's easy to change if there
are any further thoughts.)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2021-04-07 13:35:56 | Re: Increase value of OUTER_VAR |
| Previous Message | Bharath Rupireddy | 2021-04-07 13:25:04 | Re: Why is specifying oids = false multiple times in create table is silently ignored? |