+++ Andreas Karlsson [11/12/18 18:18 +0100]:
On 12/11/18 3:52 PM, Pablo Iranzo Gómez wrote:> I came to this old thread while trying to figure out on how to setuppostgres replication behind OpenShift/Kubernetes behind a route (which only forwards 80 or 443 traffic), but could work if SNI is supported on the client using it.I haven't found any further follow-up on this, but based on the number of posts and questions on many sites on accessing postgres on OpenShift/Kubernetes it could be something good to have supported.Any further information or plans?I am pretty sure nobody is working on this.It seems like it would be easy to implement (basically just call SSL_set_tlsext_host_name() with the right hostname) with the only issue being that we may need to add a new connection string parameter[1] because I doubt all users would want SNI enabled by default since PostgreSQL itself cannot do anything useful with the hostname, only some kind of TLS proxy can. Hopefully there wont be much bike shedding about the new connection parameter. :)Feel free to write a patch if you have the time and submit it to the next commitfest[2] for review.
Unfortunately I do not consider myself a coder, so if there is any way to 'list' this as a 'nice to have' thing so that someone can take the task and move it forward. Thanks, Pablo
Notes: 1. List of current options: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS 2. https://wiki.postgresql.org/wiki/CommitFest Andreas
--
Pablo Iranzo Gómez (pablo.ira...@redhat.com) GnuPG: 0x5BD8E1E4
Senior Software Engineer - Solutions Engineering iranzo @ IRC
RHC{A,SS,DS,VA,E,SA,SP,AOSP}, JBCAA #110-215-852 RHCA Level V
Blog: https://iranzo.github.io https://citellus.org
signature.asc
Description: PGP signature
