Quick Links

Re: [PATCH v1] Add ssl_alt_cert_file/ssl_alt_key_file for dual RSA+ECDSA certificate support

From:	Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>
To:	Renaud Métrich <rmetrich(at)redhat(dot)com>
Cc:	pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: [PATCH v1] Add ssl_alt_cert_file/ssl_alt_key_file for dual RSA+ECDSA certificate support
Date:	2026-06-16 15:17:06
Message-ID:	CAOYmi+=Ww323ceRJWt41NgcAbC_wNxdXux=2UUJa-fT7UTnvQA@mail.gmail.com
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, Jun 12, 2026 at 3:05 AM Renaud Métrich <rmetrich(at)redhat(dot)com> wrote:
>
> there is no viable workaround
> — TLS-terminating proxies don't work because PostgreSQL uses an
> in-protocol SSL upgrade rather than raw TLS connections.

(Haven't looked at the patch, but raw TLS connections are possible
since PG17; see sslnegotiation=direct.)

--Jacob

In response to

[PATCH v1] Add ssl_alt_cert_file/ssl_alt_key_file for dual RSA+ECDSA certificate support at 2026-06-12 10:05:24 from Renaud Métrich

Responses

Re: [PATCH v1] Add ssl_alt_cert_file/ssl_alt_key_file for dual RSA+ECDSA certificate support at 2026-06-16 19:49:04 from Renaud Métrich

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	m.litsarev	2026-06-16 15:22:44	Re: Fix warning: ‘startpos’ may be used uninitialized in function ‘results_differ’
Previous Message	Aleksander Alekseev	2026-06-16 15:15:53	Re: Direction for test frameworks: Perl TAP vs. Python/pytest