Re: Direct SSL connection with ALPN and HBA rules
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-04-29T12:07:58Z
Lists: pgsql-hackers
On Mon, Apr 29, 2024 at 12:43:18PM +0300, Heikki Linnakangas wrote: > If a caller wants to distinguish between "libpq or the SSL library doesn't > support ALPN at all" from "the server didn't support ALPN", you can tell > from whether PQsslAttribute returns NULL or an empty string. So I think an > empty string is better. Thanks. I would also have used an empty string to differenciate these two cases. -- Michael
Commits
-
Remove option to fall back from direct to postgres SSL negotiation
- fb5718f35ff6 17.0 landed
-
Reject SSL connection if ALPN is used but there's no common protocol
- 17a834a04d5a 17.0 landed
-
libpq: Enforce ALPN in direct SSL connections
- 03a0e0d4bb78 17.0 landed
-
libpq: If ALPN is not used, make PQsslAttribute(conn, "alpn") == ""
- 3c184092651b 17.0 landed
-
Fix documentation and comments on what happens after GSS rejection
- 5c9f35fc48ea 17.0 landed
-
doc: Add note to prevent server spoofing with SCRAM
- d0f4824a5410 16.0 cited