From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
Cc: | Pgsql Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Serverside SNI support in libpq |
Date: | 2024-12-03 13:58:01 |
Message-ID: | 88986722-5A72-4DEC-8750-BDBF67FF8C01@yesql.se |
Lists: | pgsql-hackers |
> On 25 Jul 2024, at 19:51, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:

The attached rebased version adds proper list reset, a couple of bugfixes
around cert loading and the ability to set ssl_passphrase_command (and reload)
in the hosts file.

> Matt Caswell appears to be convinced that SSL_set_SSL_CTX() is
> fundamentally broken. So it might just be FUD, but I'm wondering if we
> should instead be using the SSL_ flavors of the API to reassign the
> certificate chain on the SSL pointer directly, inside the callback,
> instead of trying to set them indirectly via the SSL_CTX_ API.

Maybe, but I would feel better about changing if I could reproduce the
issues (see below).

> Have you seen any weird behavior like this on your end? I'm starting
> to doubt my test setup...

I've not been able to reproduce any behaviour like what you describe.

> On the plus side, I now have a handful of
> debugging patches for a future commitfest.

Do you have them handy for running tests on this version?

--
Daniel Gustafsson

Attachment | Content-Type | Size |
---|---|---|
v2-0001-Serverside-SNI-support-for-libpq.patch | application/octet-stream | 43.2 KB |