| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | "peter(dot)eisentraut(at)enterprisedb(dot)com" <peter(dot)eisentraut(at)enterprisedb(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL SNI |
| Date: | 2021-02-25 18:36:22 |
| Message-ID: | ecb6a57d176a396feb959fbb0c53b3c794e8d8e5.camel@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
> Just as additional data points, it has come to my attention that both
> the Go driver ("lib/pq") and the JDBC environment already send SNI
> automatically. (In the case of JDBC this is done by the Java system
> libraries, not the JDBC driver implementation.)
For the Go case it's only for sslmode=verify-full, and only because the
Go standard library implementation does it for you automatically if you
request the builtin server hostname validation. (I checked both lib/pq
and its de facto replacement, jackc/pgx.) So it may not be something
that was done on purpose by the driver implementation.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Martinez | 2021-02-25 20:22:58 | Re: [PATCH] Note effect of max_replication_slots on subscriber side in documentation. |
| Previous Message | Álvaro Herrera | 2021-02-25 17:48:51 | Re: libpq debug log |