Hi,
On 2025-02-27 14:38:24 +0100, Daniel Gustafsson wrote:
> The attached v6 rebase contains this as well as your tests as well as
> general cleanup and comment writing etc.
This is not passing CI on windows...
https://cirrus-ci.com/build/4765059278176256
Greetings,
Andres
On Thu, Feb 27, 2025 at 5:38 AM Daniel Gustafsson wrote:
> Thanks for the tests, they did in fact uncover a bug in how fallback was
> handled which is now fixed. In doing so I revamped how the default context
> handling is done, it now always use the GUCs in postgresql.conf for
> consistency. Th
> On 24 Feb 2025, at 22:51, Jacob Champion
> wrote:
>
> On Wed, Feb 19, 2025 at 3:13 PM Daniel Gustafsson wrote:
>> Are there any blockers for getting this in?
>
>> + SSL_context = ssl_init_context(isServerStart, host);
>
> I'm still not quite following the rationale behind the SSL_
On Wed, Feb 19, 2025 at 3:13 PM Daniel Gustafsson wrote:
> Are there any blockers for getting this in?
> + SSL_context = ssl_init_context(isServerStart, host);
I'm still not quite following the rationale behind the SSL_context
assignment. To maybe illustrate, attached are some tests th
Attached is a rebase which fixes a few smaller things (and a pgperltidy run);
and adds a paragraph to the docs about how HBA clientname settings can't be
made per certificate set in an SNI config. As discussed with Jacob offlist,
there might be a case for supporting that but it will be a niche use
> On 11 Dec 2024, at 01:34, Michael Paquier wrote:
>
> On Wed, Dec 04, 2024 at 02:44:18PM +0100, Daniel Gustafsson wrote:
>> No worries, I know you have a big path on your plate right now. The attached
>> v3 fixes a small buglet in the tests and adds silly reload testing to try and
>> stress out
On Wed, Dec 04, 2024 at 02:44:18PM +0100, Daniel Gustafsson wrote:
> No worries, I know you have a big path on your plate right now. The attached
> v3 fixes a small buglet in the tests and adds silly reload testing to try and
> stress out any issues.
Looks like this still fails quite heavily in t
> On 4 Dec 2024, at 01:43, Jacob Champion
> wrote:
>
> On Tue, Dec 3, 2024 at 5:58 AM Daniel Gustafsson wrote:
>>> Have you seen any weird behavior like this on your end? I'm starting
>>> to doubt my test setup...
>>
>> I've not been able to reproduce any behaviour like what you describe.
>
>
On Tue, Dec 3, 2024 at 5:58 AM Daniel Gustafsson wrote:
> > Have you seen any weird behavior like this on your end? I'm starting
> > to doubt my test setup...
>
> I've not been able to reproduce any behaviour like what you describe.
Hm, v2 is different enough that I'm going to need to check my no
> On 25 Jul 2024, at 19:51, Jacob Champion
> wrote:
The attached rebased version adds proper list reset, a couple of bugfixes
around cert loading and the ability to set ssl_passhprase_command (and reload)
in the hosts file.
> Matt Caswell appears to be convinced that SSL_set_SSL_CTX() is
> fund
On Fri, May 24, 2024 at 12:55 PM Cary Huang wrote:
> pg_hosts should also have sslpassword_command just like in the
> postgresql.conf in
> case the sslkey for a particular host is encrypted with a different password.
Good point. There is also the HBA-related handling of client
certificate settin
On Fri, May 10, 2024 at 7:23 AM Daniel Gustafsson wrote:
> The way multiple certificates are handled is that libpq creates one SSL_CTX
> for
> each at startup, and switch to the appropriate one when the connection is
> inspected.
I fell in a rabbit hole while testing this patch, so this review i
The following review has been posted through the commitfest application:
make installcheck-world: not tested
Implements feature: not tested
Spec compliant: not tested
Documentation:not tested
This is an interesting feature on PostgreSQL server side where it can swap th
SNI was brought up the discussions around the ALPN work, and I have had asks
for it off-list, so I decided to dust off an old patch I started around the
time we got client-side SNI support but never finished (until now). Since
there is discussion and thinking around how we handle SSL right now I w
14 matches
Mail list logo
