Re: Serverside SNI support in libpq

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Zsolt Parragi <zsolt.parragi@percona.com>, Jelte Fennema-Nio <postgres@jeltef.nl>, Heikki Linnakangas <hlinnaka@iki.fi>, Dewei Dai <daidewei1970@163.com>, "li.evan.chao" <li.evan.chao@gmail.com>, Michael Paquier <michael@paquier.xyz>, Andres Freund <andres@anarazel.de>, Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-03-18T18:39:10Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
> I've done more testing now and I can only reproduce this with downgraded
> versions of OpenSSL 1.1.1, when running the latest 1.1.1x the error goes away
> and the error is reported as expected.  Can you try to upgrade your machine,
> which I assume isn't running bleeding edge 1.1.1 by the sounds of it.

Nope, it was still on 1.1.1a.  I've now updated it to 3.0.19,
which appears to be the oldest available-to-the-public supported
version.  I doubt that continuing to test 1.1.1-anything is really
useful.

... and longfin is now green.

			regards, tom lane



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Declare load_hosts() as returning HostsFileLoadResult.

  2. ssl: Skip passphrase reload tests in EXEC_BACKEND builds

  3. ssl: Serverside SNI support for libpq

  4. ssl: Add tests for client CA