| From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Dewei Dai <daidewei1970(at)163(dot)com>, "li(dot)evan(dot)chao" <li(dot)evan(dot)chao(at)gmail(dot)com>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Andres Freund <andres(at)anarazel(dot)de>, Pgsql Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Serverside SNI support in libpq |
| Date: | 2025-12-03 21:27:43 |
| Message-ID: | CAGECzQTWH-bzHcdPo=i09TL_P6_HBBNEkBmr+rpN_J9zVfR2Fw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 3 Dec 2025 at 17:57, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> > I really want to make it possible for anyone who don't want SNI to keep using
> > postgresql.conf and get the exact behavior they've always had. Do you agree
> > with that design goal?
>
> Yeah, that's fair.
What if we make it so that if a pg_hosts.conf file exists, then the
ssl_cert_file/ssl_key_file configs are ignored? And by default initdb
would not create a file (or it would, but with the same default
settings that we have now). Then we don't need the new GUC. Basically
it would be:
1. If the file does not exist, use the "off" behaviour
2. If the file exists, use the "strict" behaviour
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Burd | 2025-12-03 22:06:06 | Re: Expanding HOT updates for expression and partial indexes |
| Previous Message | Peter Geoghegan | 2025-12-03 21:10:44 | Re: Removing BTScanPosUnpinIfPinned idiom from nbtree, simplifying mark/restore support |