Re: Serverside SNI support in libpq
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Michael Paquier <michael@paquier.xyz>,
Andres Freund <andres@anarazel.de>,
Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-24T14:53:31Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
ssl: Serverside SNI support for libpq
- 4f433025f666 19 (unreleased) landed
-
ssl: Add tests for client CA
- 25e568ba7ce7 19 (unreleased) landed
Attachments
- v10-0001-Serverside-SNI-support-for-libpq.patch (application/octet-stream) patch v10-0001
> On 12 Nov 2025, at 23:44, Jacob Champion <jacob.champion@enterprisedb.com> wrote: > Did you have any thoughts on my earlier review [2]? The test patch > attached there still fails on my machine with v9. The attached incorporates your tests, fixes them to make them pass. The culprit seemed to be a combination of a bug in the code (the verify callback need to be defined in the default context even if there is no CA for it to be called in an SNI setting because OpenSSL), and that the tests were matching backend errors against frontend messages. The other comments from your review are also addressed, as well as additional cleanup and improved error handling. -- Daniel Gustafsson