Re: Serverside SNI support in libpq
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>,
Jacob Champion <jacob.champion@enterprisedb.com>,
Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-02-19T23:12:50Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
ssl: Serverside SNI support for libpq
- 4f433025f666 19 (unreleased) landed
-
ssl: Add tests for client CA
- 25e568ba7ce7 19 (unreleased) landed
Attachments
- v5-0001-Serverside-SNI-support-for-libpq.patch (application/octet-stream) patch v5-0001
Attached is a rebase which fixes a few smaller things (and a pgperltidy run); and adds a paragraph to the docs about how HBA clientname settings can't be made per certificate set in an SNI config. As discussed with Jacob offlist, there might be a case for supporting that but it will be a niche usecase within a niche feature, so rather than complicating the code for something which might never be used, it's likely better to document it and await feedback. Are there any blockers for getting this in? -- Daniel Gustafsson