On 18.03.21 12:27, Peter Eisentraut wrote:
> On 25.02.21 19:36, Jacob Champion wrote:
>> On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
>>> Just as additional data points, it has come to my attention that both
>>> the Go driver ("lib/pq") and the JDBC environment already send SNI
>>> automatically. (In the case of JDBC this is done by the Java system
>>> libraries, not the JDBC driver implementation.)
>>
>> For the Go case it's only for sslmode=verify-full, and only because the
>> Go standard library implementation does it for you automatically if you
>> request the builtin server hostname validation. (I checked both lib/pq
>> and its de facto replacement, jackc/pgx.) So it may not be something
>> that was done on purpose by the driver implementation.
>
> Here is a new patch with an option to turn it off, and some
> documentation added.

Committed like that. (Default to on, but it's easy to change if there
are any further thoughts.)
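
The Go behaviour described in the quoted reply can be observed directly. The following is an added example, not part of the thread and not code from lib/pq, pgx or the patch: it records the SNI value a Go `crypto/tls` client puts in its ClientHello for three client configurations. The function name `observedSNI`, the hostname `db.example.test`, the address `192.0.2.10` and the mapping of the configurations to sslmode-like cases are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// observedSNI attempts one in-memory TLS handshake and returns the server_name
// the client put in its ClientHello ("" means no SNI extension was sent).
func observedSNI(clientCfg *tls.Config) string {
	cConn, sConn := net.Pipe()
	seen := make(chan string, 1)
	serverCfg := &tls.Config{
		// Runs as soon as the ClientHello is parsed. Record the SNI and abort,
		// so the server side needs no certificate.
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			seen <- h.ServerName
			return nil, errors.New("stop after ClientHello")
		},
	}
	go func() {
		_ = tls.Server(sConn, serverCfg).Handshake()
		sConn.Close()
		close(seen) // a buffered value, if any, is still delivered
	}()
	_ = tls.Client(cConn, clientCfg).Handshake() // expected to fail
	cConn.Close()
	return <-seen
}

func main() {
	cases := []struct {
		name string
		cfg  *tls.Config
	}{
		// Hostname verification requested (the verify-full-like case).
		{"verify, hostname", &tls.Config{ServerName: "db.example.test"}},
		// Encryption without verification: no ServerName is set.
		{"no verification", &tls.Config{InsecureSkipVerify: true}},
		// Verification against an IP literal: Go omits SNI for IP addresses.
		{"verify, IP literal", &tls.Config{ServerName: "192.0.2.10"}},
	}
	for _, c := range cases {
		fmt.Printf("%-20s SNI=%q\n", c.name, observedSNI(c.cfg))
	}
}
```

Only the first configuration puts the hostname on the wire in cleartext; the other two send no SNI at all.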