Re: Direct SSL connection with ALPN and HBA rules
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Michael Paquier <michael@paquier.xyz>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-04-29T18:51:54Z
Lists: pgsql-hackers
On Mon, Apr 29, 2024 at 11:43 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote: > Note that if the client does not request ALPN at all, the callback is > not called, and the connection is accepted. Old clients still work > because they do not request ALPN. Ugh, sorry for the noise -- I couldn't figure out why all my old clients were failing and then realized it was because I'd left some test code in place for the OpenSSL bug. I'll rebuild everything and keep reviewing. --Jacob
Commits
-
Remove option to fall back from direct to postgres SSL negotiation
- fb5718f35ff6 17.0 landed
-
Reject SSL connection if ALPN is used but there's no common protocol
- 17a834a04d5a 17.0 landed
-
libpq: Enforce ALPN in direct SSL connections
- 03a0e0d4bb78 17.0 landed
-
libpq: If ALPN is not used, make PQsslAttribute(conn, "alpn") == ""
- 3c184092651b 17.0 landed
-
Fix documentation and comments on what happens after GSS rejection
- 5c9f35fc48ea 17.0 landed
-
doc: Add note to prevent server spoofing with SCRAM
- d0f4824a5410 16.0 cited