Re: Introducing SNI in TLS handshake for SSL connections

From: Pablo Iranzo Gómez <Pablo(dot)Iranzo(at)redhat(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Introducing SNI in TLS handshake for SSL connections
Date: 2018-12-11 14:52:40
Message-ID: 20181211145240.GL20222@redhat.com
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

Hi,

> On 4/24/17 22:26, Florin Asavoaie wrote:
> > If there's nobody against this, I can try to do the patch myself,
> > doesn't look too difficult (I expect it to simply work by
> > calling SSL_set_tlsext_host_name(SSL_context, PQhost(conn))) somewhere
> > in initialize_SSL in fe-secure-openssl.c.
>
> I had to look up what SNI is:
> https://en.wikipedia.org/wiki/Server_Name_Indication
>
> This seems useful.
>
> If you have a patch, please add it here:
> https://commitfest.postgresql.org/14/
>
> --
> Peter Eisentraut http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

I came to this old thread while trying to figure out on how to setup postgres replication behind OpenShift/Kubernetes behind a route (which only forwards 80 or 443 traffic), but could work if SNI is supported on the client using it.

I haven't found any further follow-up on this, but based on the number of posts and questions on many sites on accessing postgres on OpenShift/Kubernetes it could be something good to have supported.

Any further information or plans?

Thanks,
Pablo

--

Pablo Iranzo Gómez (Pablo(dot)Iranzo(at)redhat(dot)com) GnuPG: 0x5BD8E1E4
Senior Software Engineer - Solutions Engineering iranzo @ IRC
RHC{A,SS,DS,VA,E,SA,SP,AOSP}, JBCAA #110-215-852 RHCA Level V

Blog: https://iranzo.github.io https://citellus.org

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2018-12-11 14:56:54 Re: Record last password change
Previous Message Tom Lane 2018-12-11 14:47:38 Re: Why not represent "never vacuumed" accurately wrt pg_class.relpages?