Re: Serverside SNI support in libpq
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
Zsolt Parragi <zsolt.parragi@percona.com>,
Jelte Fennema-Nio <postgres@jeltef.nl>,
Heikki Linnakangas <hlinnaka@iki.fi>,
Dewei Dai <daidewei1970@163.com>,
"li.evan.chao" <li.evan.chao@gmail.com>,
Michael Paquier <michael@paquier.xyz>,
Andres Freund <andres@anarazel.de>,
Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-03-18T17:09:22Z
Lists: pgsql-hackers
> On 18 Mar 2026, at 16:35, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Daniel Gustafsson <daniel@yesql.se> writes: >> On 18 Mar 2026, at 15:33, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> IIRC longfin is using some fairly old hand-built openssl installation. > >> Thanks for confirming, that matches with my local repro which required building >> 1.1.1 on macOS. Did you build with Apple clang or a a stock clang/gcc? > > It's been awhile, but I can't imagine that I didn't use Apple's > compiler of the time. [ Checks longfin's host... ] The files > in that openssl tree are all dated Nov 20 2018, so it's probably > due for a refresh in any case. I've done more testing now and I can only reproduce this with downgraded versions of OpenSSL 1.1.1, when running the latest 1.1.1x the error goes away and the error is reported as expected. Can you try to upgrade your machine, which I assume isn't running bleeding edge 1.1.1 by the sounds of it. -- Daniel Gustafsson
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Declare load_hosts() as returning HostsFileLoadResult.
- 93da29736649 19 (unreleased) landed
-
ssl: Skip passphrase reload tests in EXEC_BACKEND builds
- e87ab5049deb 19 (unreleased) landed
-
ssl: Serverside SNI support for libpq
- 4f433025f666 19 (unreleased) landed
-
ssl: Add tests for client CA
- 25e568ba7ce7 19 (unreleased) landed