Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: postgresql-cfbot/postgresql
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: cf/4984~1
Choose a base ref
...
head repository: postgresql-cfbot/postgresql
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: cf/4984
Choose a head ref
  • 2 commits
  • 20 files changed
  • 2 contributors

Commits on May 14, 2025

  1. Serverside SNI support for libpq

    Experimental support for serverside SNI support in libpq, a new config
    file $datadir/pg_hosts.conf is used for configuring which certicate and
    key should be used for which hostname. A new GUC, ssl_snimode, is added
    which controls how the hostname TLS extension is handled. The possible
    values are off, default and strict:
    
      - off: pg_hosts.conf is not parsed and the hostname TLS extension is
        not inspected at all. The normal SSL GUCs for certificates and keys
    	are used.
      - default: pg_hosts.conf is loaded as well as the normal GUCs. If no
        match for the TLS extension hostname is found in pg_hosts the cert
    	and key from the postgresql.conf GUCs is used as the default (used
    	as a wildcard host).
      - strict: only pg_hosts.conf is loaded and the TLS extension hostname
        MUST be passed and MUST have a match in the configuration, else the
    	connection is refused.
    
    CRL file(s) are applied from postgresql.conf to all configured hostnames.
    
    Reviewed-by: Cary Huang <cary.huang@highgo.ca>
    Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
    Discussion: https://postgr.es/m/1C81CD0D-407E-44F9-833A-DD0331C202E5@yesql.se
    danielgustafsson authored and Commitfest Bot committed May 14, 2025
    Copy the full SHA
    69b7f47 View commit details
  2. [CF 4984] v6 - Serverside SNI for SSL connections

    This branch was automatically generated by a robot using patches from an
    email thread registered at:
    
    https://commitfest.postgresql.org/patch/4984
    
    The branch will be overwritten each time a new patch version is posted to
    the thread, and also periodically to check for bitrot caused by changes
    on the master branch.
    
    Patch(es): https://www.postgresql.org/message-id/0BC5B9B1-6503-4563-AAC6-33DEF264AE3F@yesql.se
    Author(s): Daniel Gustafsson
    Commitfest Bot committed May 14, 2025
    Copy the full SHA
    015162e View commit details
Loading