Re: Serverside SNI support in libpq

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Dewei Dai <daidewei1970@163.com>
Cc: "li.evan.chao" <li.evan.chao@gmail.com>, Jacob Champion <jacob.champion@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, Andres Freund <andres@anarazel.de>, Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-26T14:33:07Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. ssl: Serverside SNI support for libpq

  2. ssl: Add tests for client CA

Attachments

> On 26 Nov 2025, at 10:14, Dewei Dai <daidewei1970@163.com> wrote:
> 
> Hi Daniel,
>    I just reviewed the v11 patch and got a few comments:

Thanks!

> Typo: certficate ->  certificate 

Fixed.

> Typo: hand- shake ->handshake

Fixed.

> Typo: There need to be  -> there needs to be

AFAIK "need to be" is the correct spelling for referring to a singular thing,
and "needs to be" is correct for plural.  I've been thinking about this in a
singular context but maybe "needs to be" is the right wording since the hint is
"at least one".  Changed to "needs to be" just in case.

>    It is recommended to delete pg_hosts.conf.sample during the `make uninstall`  command

Nice catch, fixed.

> In the `be_tls_destroy` function, the context is released, but it is not set to null. 
>          This is similar to the `free_context` function, and it seems that it can be called directly.

That's a good point, be_tls_destroy can just call free_contexts directly and
save some code while making sure it's consistent.  Fixed.

--
Daniel Gustafsson