Re: BUG #17919: "client hello" message / SNI / Openshift Routes

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Ronald Van de Kuil <ronald(dot)van(dot)de(dot)kuil(at)nl(dot)ibm(dot)com>
Cc: "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: BUG #17919: "client hello" message / SNI / Openshift Routes
Date: 2023-05-19 17:18:25
Message-ID: CABUevEyckYOLX4ve0=S6jXEWaAaQGtYG9rwozGSd+4Tei6BfDg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On Mon, May 15, 2023 at 12:47 PM Ronald Van de Kuil
<ronald(dot)van(dot)de(dot)kuil(at)nl(dot)ibm(dot)com> wrote:
>
> Openshift uses haproxy. And I have configured a passthrough route for the postgresql service.
>
> In addition, I have managed to make a tcpdump of connecting to the Postgres instance via oc-port-forward, a CLI utility which is not production grade. However, it gives me a chance to understand the postgresql handshake. There I see a Client Hello, then a Client Hello with a change of Cypher Spec, and then the Server hallo.
>
> On this connection that was established, I see the absence of an "Extension: server_name". I see that in connections that are established to the console of Openshift. I would therefore like to believe that some work needs to be done on the PostgreSQL client to send the SNI.

What version of the client are you using? I would expect the host name
extension to be set in clienthello by default - but it does require
the client libpq to be at least version 14. Maybe you have more than
one version of libpq around, and it's picking up the wrong one? (Note
that it is perfectly possible to have different versions of psql and
libpq, and you need to verify the libpq version specifically).

//Magnus

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2023-05-19 18:50:05 Re: Clause accidentally pushed down ( Possible bug in Making Vars outer-join aware)
Previous Message sulfinu 2023-05-19 17:03:09 Re: Aggregation results with json(b)_agg and array_agg in a SELECT with OUTER JOIN