Re: Experiments with Postgres and SSL

From: Greg Stark <stark(at)mit(dot)edu>
To: Vladimir Sitnikov <sitnikov(dot)vladimir(at)gmail(dot)com>
Cc: Andrey Borodin <amborodin86(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Experiments with Postgres and SSL
Date: 2023-03-31 07:14:03
Message-ID: CAM-w4HPL8AJL64gbJZprmN2hKN=k0Vr+HN8U+7mtqjW0AzF+gg@mail.gmail.com
Lists: pgsql-hackers

On Mon, 20 Mar 2023 at 16:31, Greg Stark <stark(at)mit(dot)edu> wrote:
>
> Here's a first cut at ALPN support.
>
> Currently it's using a hard coded "Postgres/3.0" protocol

Apparently that is explicitly disrecommended by the IETF folk. They
want something like "TBD" so people don't start using a string until
it's been added to the registry. So I've changed this for now (to
"TBD-pgsql").

Ok, I think this has pretty much everything I was hoping to do.

The one thing I'm not sure of is it seems some codepaths in postmaster
have ereport(COMMERROR) followed by returning an error whereas other
codepaths just have ereport(FATAL). And I don't actually see much
logic in which does which. (I get the principle behind COMMERROR, it just
seems like it doesn't really match the code.)

I realized I had exactly the infrastructure needed to allow pipelining
the SSL ClientHello like Neon wanted to do, so I added that too. It's
kind of redundant with direct SSL connections but seems like there may
be reasons to use that instead.

--
greg

Attachment Content-Type Size
v5-0002-Direct-SSL-connections-client-support.patch text/x-patch 7.3 KB
v5-0006-Some-added-docs.patch text/x-patch 3.2 KB
v5-0004-alpn-support.patch text/x-patch 13.2 KB
v5-0005-Allow-pipelining-data-after-ssl-request.patch text/x-patch 3.1 KB
v5-0003-Direct-SSL-connections-documentation.patch text/x-patch 6.1 KB
v5-0001-Direct-SSL-connections-postmaster-support.patch text/x-patch 9.3 KB
