Re: Introducing SNI in TLS handshake for SSL connections

From: Pablo Iranzo Gómez <Pablo(dot)Iranzo(at)redhat(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Introducing SNI in TLS handshake for SSL connections
Date: 2018-12-11 14:52:40
Message-ID: 20181211145240.GL20222@redhat.com
Lists: pgsql-hackers

Hi,

> On 4/24/17 22:26, Florin Asavoaie wrote:
> > If there's nobody against this, I can try to do the patch myself,
> > doesn't look too difficult (I expect it to simply work by
> > calling SSL_set_tlsext_host_name(SSL_context, PQhost(conn))) somewhere
> > in initialize_SSL in fe-secure-openssl.c.
>
> I had to look up what SNI is:
> https://en.wikipedia.org/wiki/Server_Name_Indication
>
> This seems useful.
>
> If you have a patch, please add it here:
> https://commitfest.postgresql.org/14/
>
> --
> Peter Eisentraut http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

I came to this old thread while trying to figure out how to set up postgres replication behind OpenShift/Kubernetes behind a route (which only forwards 80 or 443 traffic), but could work if SNI is supported on the client using it.

I haven't found any further follow-up on this, but based on the number of posts and questions on many sites on accessing postgres on OpenShift/Kubernetes it could be something good to have supported.

Any further information or plans?

Thanks,
Pablo

--

Pablo Iranzo Gómez (Pablo(dot)Iranzo(at)redhat(dot)com) GnuPG: 0x5BD8E1E4
Senior Software Engineer - Solutions Engineering iranzo @ IRC
RHC{A,SS,DS,VA,E,SA,SP,AOSP}, JBCAA #110-215-852 RHCA Level V

Blog: https://iranzo.github.io https://citellus.org
