Re: Serverside SNI support in libpq
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-12-03T13:58:01Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
ssl: Serverside SNI support for libpq
- 4f433025f666 19 (unreleased) landed
-
ssl: Add tests for client CA
- 25e568ba7ce7 19 (unreleased) landed
Attachments
- v2-0001-Serverside-SNI-support-for-libpq.patch (application/octet-stream) patch v2-0001
> On 25 Jul 2024, at 19:51, Jacob Champion <jacob.champion@enterprisedb.com> wrote: The attached rebased version adds proper list reset, a couple of bugfixes around cert loading and the ability to set ssl_passhprase_command (and reload) in the hosts file. > Matt Caswell appears to be convinced that SSL_set_SSL_CTX() is > fundamentally broken. So it might just be FUD, but I'm wondering if we > should instead be using the SSL_ flavors of the API to reassign the > certificate chain on the SSL pointer directly, inside the callback, > instead of trying to set them indirectly via the SSL_CTX_ API. Maybe, but I would feel better about changing if I can could reproduce the issues (see below). > Have you seen any weird behavior like this on your end? I'm starting > to doubt my test setup... I've not been able to reproduce any behaviour like what you describe. > On the plus side, I now have a handful of > debugging patches for a future commitfest. Do you have them handy for running tests on this version? -- Daniel Gustafsson