On 08.06.21 08:54, Michael Paquier wrote:
On Mon, Jun 07, 2021 at 11:34:24AM -0400, Tom Lane wrote:
Yeah, I'd include the empty-string test just because it's standard
practice in this area of libpq. Whether those tests are actually
triggerable in every case is obscure, but ...
Checking after
On Mon, Jun 07, 2021 at 11:34:24AM -0400, Tom Lane wrote:
> Yeah, I'd include the empty-string test just because it's standard
> practice in this area of libpq. Whether those tests are actually
> triggerable in every case is obscure, but ...
Checking after a NULL string and an empty one is more l
Peter Eisentraut writes:
> Patch attached. Empty host string was handled implicitly by the IP
> detection expression, but I added an explicit check for sanity. (I
> wasn't actually able to get an empty string to this point, but it's
> clearly better to be prepared for it.)
Yeah, I'd include
On 03.06.21 20:14, Tom Lane wrote:
I wrote:
It looks like the immediate problem can be resolved by just adding
a check for conn->pghost not being NULL,
... scratch that. There's another problem here, which is that this
code should not be looking at conn->pghost AT ALL. That will do the
wrong
I wrote:
> It looks like the immediate problem can be resolved by just adding
> a check for conn->pghost not being NULL,
... scratch that. There's another problem here, which is that this
code should not be looking at conn->pghost AT ALL. That will do the
wrong thing with a multi-element host li
I wrote:
> Jacob Champion writes:
>> It looks like this code needs some guards for a NULL conn->pghost. For
>> example when running
>> psql 'dbname=postgres sslmode=require hostaddr=127.0.0.1'
>> with no PGHOST in the environment, psql is currently segfaulting for
>> me.
> Duplicated here:
It l
Jacob Champion writes:
> It looks like this code needs some guards for a NULL conn->pghost. For
> example when running
> psql 'dbname=postgres sslmode=require hostaddr=127.0.0.1'
> with no PGHOST in the environment, psql is currently segfaulting for
> me.
Duplicated here:
Program terminated
On Wed, 2021-04-07 at 15:32 +0200, Peter Eisentraut wrote:
> Committed like that. (Default to on, but it's easy to change if there
> are any further thoughts.)
Hi Peter,
It looks like this code needs some guards for a NULL conn->pghost. For example
when running
psql 'dbname=postgres sslmo
On 18.03.21 12:27, Peter Eisentraut wrote:
On 25.02.21 19:36, Jacob Champion wrote:
On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
Just as additional data points, it has come to my attention that both
the Go driver ("lib/pq") and the JDBC environment already send SNI
automatically.
On 25.02.21 19:36, Jacob Champion wrote:
On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
Just as additional data points, it has come to my attention that both
the Go driver ("lib/pq") and the JDBC environment already send SNI
automatically. (In the case of JDBC this is done by the Ja
On Thu, Mar 18, 2021 at 9:31 AM Peter Eisentraut
wrote:
>
> On 26.02.21 23:27, Greg Stark wrote:
> >> Do you mean the IPv6 detection code is not correct? What is the problem?
> >
> > This bit will recognize ipv4 addresses but not ipv6 addresses:
> >
> > + /*
> > + * Set Server Name Indication (S
On 26.02.21 23:27, Greg Stark wrote:
Do you mean the IPv6 detection code is not correct? What is the problem?
This bit will recognize ipv4 addresses but not ipv6 addresses:
+ /*
+ * Set Server Name Indication (SNI), but not if it's a literal IP address.
+ * (RFC 6066)
+ */
+ if (!(strspn(con
> Do you mean the IPv6 detection code is not correct? What is the problem?
This bit will recognize ipv4 addresses but not ipv6 addresses:
+ /*
+ * Set Server Name Indication (SNI), but not if it's a literal IP address.
+ * (RFC 6066)
+ */
+ if (!(strspn(conn->pghost, "0123456789.") == strlen(co
Greetings,
* Peter Eisentraut (peter.eisentr...@enterprisedb.com) wrote:
> A customer asked about including Server Name Indication (SNI) into the SSL
> connection from the client, so they can use an SSL-aware proxy to route
> connections. There was a thread a few years ago where this was briefly
On 26.02.21 03:40, Greg Stark wrote:
This still doesn't seem like it is IPv6-ready.
Do you mean the IPv6 detection code is not correct? What is the problem?
> Is there any harm in having SNI with an IPv6 address there if it
> gets through?
I doubt it.
Hate to be that guy but
This still doesn't seem like it is IPv6-ready. Is there any harm in
having SNI with an IPv6 address there if it gets through?
On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
> Just as additional data points, it has come to my attention that both
> the Go driver ("lib/pq") and the JDBC environment already send SNI
> automatically. (In the case of JDBC this is done by the Java system
> libraries, not the JDBC
On 17.02.21 00:01, Jacob Champion wrote:
On Mon, 2021-02-15 at 15:09 +0100, Peter Eisentraut wrote:
The question I had was whether this should be an optional behavior, or
conversely a behavior that can be turned off, or whether it should just
be turned on all the time.
Personally I think there
On 15.02.21 15:28, Matthias van de Meent wrote:
+/*
+ * Set Server Name Indication (SNI), but not if it's a literal IP address.
+ * (RFC 6066)
+ */
+if (!((conn->pghost[0] >= '0' && conn->pghost[0] <= '9') ||
strchr(conn->pghost, ':')))
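Review bot: the condition reads conn->pghost[0] and passes conn->pghost to strchr() with no NULL check in the lines shown, so a connection with no host set would dereference a NULL pointer here. Test the pointer (and an empty string) before the IP-literal check, e.g. conn->pghost && conn->pghost[0] != '\0' && ..., and skip SNI when it fails. The comment could also say what the two sub-tests are meant to match (a leading digit for IPv4, a colon for IPv6), since the leading-digit test is broader than "literal IP address".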
'1one.example.com' is a valid hostname,
On Mon, 2021-02-15 at 15:09 +0100, Peter Eisentraut wrote:
> The question I had was whether this should be an optional behavior, or
> conversely a behavior that can be turned off, or whether it should just
> be turned on all the time.
Personally I think there should be a toggle, so that any user
On 2021-02-15 18:40, Jesse Zhang wrote:
I imagine this also (finally) opens up the possibility for the server
to present a different certificate for each hostname based on SNI.
This eliminates the requirement for wildcard certs where the cluster
is running on a host with multiple (typically two t
Hi Peter,
I imagine this also (finally) opens up the possibility for the server
to present a different certificate for each hostname based on SNI.
This eliminates the requirement for wildcard certs where the cluster
is running on a host with multiple (typically two to three) hostnames
and the clien
On Mon, 15 Feb 2021 at 15:09, Peter Eisentraut
wrote:
>
> A customer asked about including Server Name Indication (SNI) into the
> SSL connection from the client, so they can use an SSL-aware proxy to
> route connections. There was a thread a few years ago where this was
> briefly discussed but n
23 matches