| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Send ALPN in TLS handshake, require it in direct SSL connections |
| Date: | 2024-04-08 01:25:40 |
| Message-ID: | E1rtdlT-001387-J3@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Send ALPN in TLS handshake, require it in direct SSL connections
libpq now always tries to send ALPN. With the traditional negotiated
SSL connections, the server accepts the ALPN, and refuses the
connection if it's not what we expect, but connecting without ALPN is
still OK. With the new direct SSL connections, ALPN is mandatory.
NOTE: This uses "TBD-pgsql" as the protocol ID. We must register a
proper one with IANA before the release!
Author: Greg Stark, Heikki Linnakangas
Reviewed-by: Matthias van de Meent, Jacob Champion
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/91044ae4baeac2e501e34164a69bd5d9c4976d21
Modified Files
--------------
doc/src/sgml/libpq.sgml | 12 +++++
src/backend/libpq/be-secure-openssl.c | 77 ++++++++++++++++++++++++++++++++
src/backend/tcop/backend_startup.c | 8 ++++
src/bin/psql/command.c | 7 ++-
src/include/libpq/libpq-be.h | 1 +
src/include/libpq/pqcomm.h | 19 ++++++++
src/interfaces/libpq/fe-secure-openssl.c | 35 +++++++++++++++
7 files changed, 157 insertions(+), 2 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2024-04-08 01:34:36 | pgsql: Silence perlcritic warnings in new libpq tests |
| Previous Message | Thomas Munro | 2024-04-08 01:20:20 | pgsql: Use streaming I/O in ANALYZE. |