Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vIkLd-00CnD0-2c
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 11 Nov 2025 09:07:32 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vIkLa-0054rs-2L
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 11 Nov 2025 09:07:30 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <li.evan.chao@gmail.com>)
	id 1vIkLa-0054rk-1N
	for pgsql-hackers@lists.postgresql.org;
	Tue, 11 Nov 2025 09:07:30 +0000
Received: from mail-pl1-x634.google.com ([2607:f8b0:4864:20::634])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <li.evan.chao@gmail.com>)
	id 1vIkLX-006WT7-0U
	for pgsql-hackers@lists.postgresql.org;
	Tue, 11 Nov 2025 09:07:29 +0000
Received: by mail-pl1-x634.google.com with SMTP id
 d9443c01a7336-297e982506fso32129755ad.2
        for <pgsql-hackers@lists.postgresql.org>;
 Tue, 11 Nov 2025 01:07:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762852046; x=1763456846;
 darn=lists.postgresql.org;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ndFKzW2Jiqxog1UBuxj1vISRL7AheS+w4tMSNEfEUiM=;
        b=PXTV58Ojk3/9sYn1OVziHrJjiv2D2dmYpl8eK2y6NpOfHd9nkaihQ0bmSmTjePNByo
         HZBeb6PVykHqjfFArE7CuavRWEK31ihByCUikoRqgIhAJLCBg2h+D2ppkCOyQX4i4Nsc
         FtBx24pYtfEvjkNC7JBSEH6itAALThQ7/j9ziVrAh6cX6JbnAtgasNh6BOKimKz4cDg9
         GQFk/NLoZFpRO+nKwnw2US1cc3QReCtxB4SKmh9oXTytaoK6luyKRdv++9j6S+DEIQXj
         6GeLQrrGxvFsi2O/5HIkRH8vgcHoZ89V9cVWTeadszhMYt46hqsO+9f/tvZQdlE98Uqi
         MdQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762852046; x=1763456846;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=ndFKzW2Jiqxog1UBuxj1vISRL7AheS+w4tMSNEfEUiM=;
        b=gOEMmcwkXLUOrgUi6ehyblwSwz3U+d4qpw9Zl4owrDbppXU0jqks0BjJhZ/3D7161E
         yzb5LPt5dngj3jv0+LiXcr3yM0AYnAbh5nrprqc/hE58VzCkbakCeIy3Ue3TaDlkX8zc
         AOcdFoFpUd1hjUN9ubtVxKfw0dmmUYt9GwbvzsdKBOCxT/UhV6GVETuwDVVaW6psu4dY
         PRk9CknTaSHVQFTEVlwUCm4t4ycOIqV2lMnY4c6pLaAc1fdY9DYJDA+bHhJF407GQLgL
         odKHQrXut1B69svNvRLRK6PsdIdebvJOIxJFbqCMjFkHpTZVG3SYqxMDtLqb3REX0N9A
         RclA==
X-Forwarded-Encrypted: i=1;
 AJvYcCUbnpM8PdsGyMGeLfrD6vUAr3bnkCAnW7P3X2yE8t2RtffIlT77EuD3M4bbw2llPdeqQ2VHdsFTYdWVyknD@lists.postgresql.org
X-Gm-Message-State: AOJu0Yya2GyZ3e9zVA2pQM0urC665SOUPYh/BCpQJg7iI+XOONLb32/f
	4D41TA1HrO5VltgpLXaxMPVu3vRMAPy0WOJL7PKltH/WMFM5tJL+1VS+3H1/fZfewKM=
X-Gm-Gg: ASbGncthrqT3X1AcQxei+EEzTxtwczxXUZXjxYWJGU6V6gltPetVcRPc2b/Wzkxpk43
	wFb3esbGt6FxMnYkwaFBOs0QQHMdLY67T3uNRYVwkeyA39BYB5VKdrD7AkfAzFyTaxtiWxueqLG
	3ddZl/EhTJIFVPzjSS2FXAs/Ta1s9PrpjhhvXWiDfAYvhaamNaMoC7V8CGbs4E3MMlSXNW3YO6/
	mYJSHEf18hUOX/JuROHwKP/izASAGhjnY82TjacOnr8UpxlQkIxLnd2mfNNAoz3VTGWEm/v7H61
	qNkVzC00e2SfjPxBxrhaILr0C5a6iK5VjLaSjxifzRfloP6DpQBjyfI7A0hMDiV/ecw6neDGNAf
	zbdgPsf24VSkAUBqw7QEGlzq4mRECSCDgE6m8Bkq0om8ANoWluLYH0pDq0iNTuqDhV7zExY4Xir
	/cygtzPXEq4w==
X-Google-Smtp-Source: 
 AGHT+IE1rRMtSMgQbwjbOhRK7ff9/K/6bAOM7ChkxAO42gb7elTOksEntlFBKgxsinheAhgjZsJCgw==
X-Received: by 2002:a17:903:2b04:b0:298:43f4:cc51 with SMTP id
 d9443c01a7336-29843f4d1afmr16044855ad.60.1762852046084;
        Tue, 11 Nov 2025 01:07:26 -0800 (PST)
Received: from smtpclient.apple ([142.171.105.12])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-29651c8f07csm178102195ad.78.2025.11.11.01.07.23
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 11 Nov 2025 01:07:25 -0800 (PST)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81\))
Subject: Re: Serverside SNI support in libpq
From: Chao Li <li.evan.chao@gmail.com>
In-Reply-To: <D9F6F14D-FCB1-48B5-9CBC-AE89FA0AEF4C@yesql.se>
Date: Tue, 11 Nov 2025 17:06:49 +0800
Cc: Michael Paquier <michael@paquier.xyz>,
 Andres Freund <andres@anarazel.de>,
 Jacob Champion <jacob.champion@enterprisedb.com>,
 Pgsql Hackers <pgsql-hackers@lists.postgresql.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1C36B747-628D-4B66-B1DC-657CB15F8AEB@gmail.com>
References: <88986722-5A72-4DEC-8750-BDBF67FF8C01@yesql.se>
 <CAOYmi+nYV6Rr9BY4YfYyVdiQ5TzMZray6QPXwiO3pYSaow+-Tg@mail.gmail.com>
 <7E77028B-5A3A-436B-9046-8E9992E9F94A@yesql.se>
 <Z1jeINLtB05YMVOY@paquier.xyz>
 <E51258CD-C7B2-4BB1-AB9C-A3DD2B6592D0@yesql.se>
 <F4222274-15C0-40E4-84FB-8FC1355BB8B2@yesql.se>
 <CAOYmi+mSrV8hRaQkvGDf1Df4cmpv5SeTbTxppyxeonMe6MW8nA@mail.gmail.com>
 <0BC5B9B1-6503-4563-AAC6-33DEF264AE3F@yesql.se>
 <aa7gx3mychf3m2g67mbslzbxjy3if4enpcflstoa5pol3432x5@ugqz45gsvurq>
 <F585452A-1F69-4658-A7E8-D1273AC663ED@yesql.se>
 <aLT9xVsTVp0j3zWy@paquier.xyz>
 <80F4F8F4-8E4F-4B6F-866B-D837057C1192@yesql.se>
 <D9F6F14D-FCB1-48B5-9CBC-AE89FA0AEF4C@yesql.se>
To: Daniel Gustafsson <daniel@yesql.se>
X-Mailer: Apple Mail (2.3826.700.81)
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/1C36B747-628D-4B66-B1DC-657CB15F8AEB%40gmail.com>
Precedence: bulk

Hi Daniel,

I just reviewed the patch and got a few comments:

> On Nov 11, 2025, at 06:32, Daniel Gustafsson <daniel@yesql.se> wrote:
>=20
> Attached is a cleaned up rebase with improved memory handling, =
additional code
> documentation, removed passphrase test (sent as a separate thread), =
and some
> general cleanup and additional testing.
>=20
> --
> Daniel Gustafsson
>=20
> <v9-0001-Serverside-SNI-support-for-libpq.patch>

1 - commit message
```
Experimental support for serverside SNI support in libpq, a new config
file $datadir/pg_hosts.conf is used for configuring which certicate and
```

Typo: certicate -> certificate

2 - be-secure-common.c
```
+run_ssl_passphrase_command(const char *prompt, bool is_server_start, =
char *buf, int size, void *userdata)
 {
 	int			loglevel =3D is_server_start ? ERROR : =
LOG;
 	char	   *command;
 	FILE	   *fh;
 	int			pclose_rc;
 	size_t		len =3D 0;
+	char	   *cmd =3D (char *) userdata;
```

Cmd is only passed to replace_percent_placeholders(), and the function =
take a "const char *=E2=80=9D argument, so we can define cmd as =E2=80=9Cc=
onst char *=E2=80=9D.

2 - be-secure-common.c
```
+	tokenize_auth_file(HostsFileName, file, &hosts_lines, LOG, 0);
+
+	foreach(line, hosts_lines)
+	{
+		TokenizedAuthLine *tok_line =3D (TokenizedAuthLine *) =
lfirst(line);
+
+		if (tok_line->err_msg !=3D NULL)
+		{
+			ok =3D false;
+			continue;
+		}
+
+		if ((newline =3D parse_hosts_line(tok_line, LOG)) =3D=3D =
NULL)
+		{
+			ok =3D false;
+			continue;
+		}
+
+		parsed_lines =3D lappend(parsed_lines, newline);
+	}
+
+	free_auth_file(file, 0);
```

When I read this function, I thought to raise a comment for freeing =
hosts_lines. However, then I read be-secure-openssl.c, I saw the =
load_hosts() is called within a transient hostctx, so it doesn=E2=80=99t =
have to free memory pieces. Can we explain that in the function comment? =
Otherwise other reviewers and future code readers may have the same =
confusion.

3 - be-secure-openssl.c
```
 int
@@ -759,6 +933,9 @@ be_tls_close(Port *port)
 		pfree(port->peer_dn);
 		port->peer_dn =3D NULL;
 	}
+
+	Host_context =3D NULL;
+	SSL_context =3D NULL;
 }
```

Do we need to free_contexts() here? When be_tls_init() is called again, =
contexts will anyway be freed, so I guess earlier free might be better?

4 - guc_parameters.dat
```
+{ name =3D> 'hosts_file', type =3D> 'string', context =3D> =
'PGC_POSTMASTER', group =3D> 'FILE_LOCATIONS',
+  short_desc =3D> 'Sets the server\'s "hosts" configuration file.',
+  flags =3D> 'GUC_SUPERUSER_ONLY',
+  variable =3D> 'HostsFileName',
+  boot_val =3D> 'NULL',
+},

+{ name =3D> 'ssl_snimode', type =3D> 'enum', context =3D> 'PGC_SIGHUP', =
group =3D> 'CONN_AUTH_SSL',
+  short_desc =3D> 'Sets the SNI mode to use for the server.',
+  flags =3D> 'GUC_SUPERUSER_ONLY',
+  variable =3D> 'ssl_snimode',
+  boot_val =3D> 'SSL_SNIMODE_DEFAULT',
+  options =3D> 'ssl_snimode_options',
+},
```
=20
If ssl_snimode is PGC_SIGHUP that allows to reload without a server =
reset, why hosts_file cannot?

Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/