Re: Re: Serverside SNI support in libpq

Dewei Dai <daidewei1970@163.com>

From: "Dewei Dai" <daidewei1970@163.com>
To: "Daniel Gustafsson" <daniel@yesql.se>, li.evan.chao <li.evan.chao@gmail.com>
Cc: "Jacob Champion" <jacob.champion@enterprisedb.com>, "Michael Paquier" <michael@paquier.xyz>, "Andres Freund" <andres@anarazel.de>, "Pgsql Hackers" <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-26T09:14:52Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. ssl: Serverside SNI support for libpq

  2. ssl: Add tests for client CA

Hi Daniel,
   I just reviewed the v11 patch and got a few comments:

1  - commit message
```This adds support for serverside SNI such that certficate/key handling
```
Typo: certficate ->  certificate 

2  -be-secure-openssl.c
```* host/snimode match, but we need something to drive the hand- shake till
```
Typo: hand- shake ->handshake

3 - be-secure-openssl.c
```
errhint("In strict ssl_snimode there need to be at least one entry in pg_hosts.conf."));
there needs to be
```
Typo: There need to be  -> there needs to be

4 - src/backend/makefile
   It is recommended to delete pg_hosts.conf.sample during the `make uninstall`  command

5  - be-secure-openssl.c
```
be_tls_destroy(void)
 {
+ ListCell   *cell;
+
+ foreach(cell, contexts)
+ {
+ HostContext *host_context = lfirst(cell);
+
+ SSL_CTX_free(host_context->context);
+ pfree(host_context);
+ }
`````
In the `be_tls_destroy` function, the context is released, but it is not set to null. 
         This is similar to the `free_context` function, and it seems that it can be called directly.

 Best regards


daidewei1970@163.com