| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
| Cc: | Greg Stark <stark(at)mit(dot)edu>, Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL SNI |
| Date: | 2021-03-18 08:48:57 |
| Message-ID: | CABUevEyHcOR4PNr4kmwSLJW4w+dupgBddFnr9THV0ys9uHbEtA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 18, 2021 at 9:31 AM Peter Eisentraut
<peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
>
> On 26.02.21 23:27, Greg Stark wrote:
> >> Do you mean the IPv6 detection code is not correct? What is the problem?
> >
> > This bit, will recognize ipv4 addresses but not ipv6 addresses:
> >
> > + /*
> > + * Set Server Name Indication (SNI), but not if it's a literal IP address.
> > + * (RFC 6066)
> > + */
> > + if (!(strspn(conn->pghost, "0123456789.") == strlen(conn->pghost) ||
> > + strchr(conn->pghost, ':')))
> > + {
>
> The colon should recognize an IPv6 address, unless I'm not thinking
> straight.
Yeah, it should.
One could argue you should also check that it's got only valid ipv6
characters in it, but since the colon isn't allowed in a hostname this
shouldn't be a problem. (And we cannot have a <host>:<port> stored in
conn->pghost).
My guess is Greg missed the second part of it that checks for a colon
-- so maybe expand on that a bit in the comment, and on the fact that
we already know the port can't be part of it.
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | tsunakawa.takay@fujitsu.com | 2021-03-18 08:51:02 | RE: libpq debug log |
| Previous Message | Andres Freund | 2021-03-18 08:47:20 | Re: shared-memory based stats collector |