Re: Serverside SNI support in libpq

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Andres Freund <andres@anarazel.de>, Jacob Champion <jacob.champion@enterprisedb.com>, Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-09-02T12:48:43Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. ssl: Serverside SNI support for libpq

  2. ssl: Add tests for client CA

> On 1 Sep 2025, at 03:58, Michael Paquier <michael@paquier.xyz> wrote:
> 
> On Wed, Aug 27, 2025 at 09:49:34PM +0200, Daniel Gustafsson wrote:
>> When looking into why the SNI tests failed on Windows I think I found a
>> pre-existing issue that we didn't have tests for, which my patch added tests
>> for and thus broke.
>> 
>> The test I added was to check restarting and reloading with ssl passphrase
>> commands (which we do have testcoverage for) with a subsequent connection test
>> to ensure it didn't just work to start the cluster.
> 
> Would this part be better if extracted from the main patch and then
> backpatched?  Even if not backpatched, a split would be cleaner on
> HEAD, I assume, leading to less fuzz with the main patch.

Yes, that's my plan, just wanted to float it here first to see if I was
thinking about it all wrong.  I will raise it on its own thread on -hackers.
The backpatchable portion is probably limited to a docs entry clarifying the
behaviour on Windows.

--
Daniel Gustafsson