Re: SSL SNI - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: SSL SNI
Date
Msg-id 4eaa2b56-c3d0-67b6-4716-010d001c7601@enterprisedb.com
Whole thread Raw
In response to SSL SNI  (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
Responses Re: SSL SNI
List pgsql-hackers
On 25.02.21 19:36, Jacob Champion wrote:
> On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
>> Just as additional data points, it has come to my attention that both
>> the Go driver ("lib/pq") and the JDBC environment already send SNI
>> automatically.  (In the case of JDBC this is done by the Java system
>> libraries, not the JDBC driver implementation.)
> 
> For the Go case it's only for sslmode=verify-full, and only because the
> Go standard library implementation does it for you automatically if you
> request the builtin server hostname validation. (I checked both lib/pq
> and its de facto replacement, jackc/pgx.) So it may not be something
> that was done on purpose by the driver implementation.

Here is a new patch with an option to turn it off, and some 
documentation added.



Attachment

pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: Parallel INSERT (INTO ... SELECT ...)
Next
From: Ajin Cherian
Date:
Subject: Re: [HACKERS] logical decoding of two-phase transactions