| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL SNI |
| Date: | 2021-02-25 15:58:28 |
| Message-ID: | be696d28-36e8-739b-04a9-48f1c374d6a8@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 15.02.21 15:28, Matthias van de Meent wrote:
> + /*
> + * Set Server Name Indication (SNI), but not if it's a literal IP address.
> + * (RFC 6066)
> + */
> + if (!((conn->pghost[0] >= '0' && conn->pghost[0] <= '9') ||
> strchr(conn->pghost, ':')))
>
> '1one.example.com' is a valid hostname, but would fail this trivial
> test, and thus would not have SNI enabled on its connection.
Here is an updated patch that fixes this. If there are other ideas for
how to tell apart literal IP addresses from host names that are less ad
hoc, I would welcome them.
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Set-SNI-for-SSL-connections-from-the-client.patch | text/plain | 1.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2021-02-25 16:00:25 | Re: SSL SNI |
| Previous Message | Peter Eisentraut | 2021-02-25 15:37:02 | Re: cursor sensitivity misunderstanding |