Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vOBca-00DaYo-2S for pgsql-hackers@arkaria.postgresql.org; Wed, 26 Nov 2025 09:15:33 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vOBcY-00FIc0-1G for pgsql-hackers@arkaria.postgresql.org; Wed, 26 Nov 2025 09:15:30 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vOBcX-00FIbr-20 for pgsql-hackers@lists.postgresql.org; Wed, 26 Nov 2025 09:15:30 +0000 Received: from m16.mail.163.com ([117.135.210.4]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vOBcK-001XkD-2t for pgsql-hackers@lists.postgresql.org; Wed, 26 Nov 2025 09:15:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=Date:From:To:Subject:Mime-Version:Message-ID: Content-Type; bh=m1F1xwshKLwmCVWw7TzZNZY+95q6zH5hfYgehUKNqZs=; b=kcVQFsXqABhoY8h2q2jJsCrcNgiljQJqjIQJElCQ4vgjav24ZOqtxg9qYA5hkg XhYi2ZzqXzEIcWOAVQ7WO3Yo8S0IX0DSlsgDiNAgS+1ETpxhA2hLinzDJz1zToRX Aa6e7dKg925ZMxq3ep8z8w12hyBJcO81qpL8qqWClBKkc= Received: from dwdai (unknown []) by gzga-smtp-mtada-g1-1 (Coremail) with SMTP id _____wBH730JxSZpmW2uCw--.41323S2; Wed, 26 Nov 2025 17:14:54 +0800 (CST) Date: Wed, 26 Nov 2025 17:14:52 +0800 From: "Dewei Dai" To: "Daniel Gustafsson" , li.evan.chao Cc: "Jacob Champion" , "Michael Paquier" , "Andres Freund" , "Pgsql Hackers" Subject: Re: Re: Serverside SNI support in libpq References: <88986722-5A72-4DEC-8750-BDBF67FF8C01@yesql.se>, , <7E77028B-5A3A-436B-9046-8E9992E9F94A@yesql.se>, , , , , <0BC5B9B1-6503-4563-AAC6-33DEF264AE3F@yesql.se>, , , , <80F4F8F4-8E4F-4B6F-866B-D837057C1192@yesql.se>, , , <0C53C316-C24E-4307-807B-D825CA3F7254@yesql.se>, , <378D83FA-338C-4EA1-BC60-397BE08D0F01@yesql.se> X-Priority: 3 X-GUID: 9316EAED-F4EE-40FA-93EC-E5BC6DE98B7C X-Has-Attach: no X-Mailer: Foxmail 7.2.23.121[cn] Mime-Version: 1.0 Message-ID: <2025112617144938459246@163.com> Content-Type: multipart/alternative; boundary="----=_001_NextPart114062233675_=----" X-CM-TRANSID: _____wBH730JxSZpmW2uCw--.41323S2 X-Coremail-Antispam: 1Uf129KBjvdXoWrur43urW3Wr4kKw1rCr1DAwb_yoWDKrX_ur 97JFZrtw4UZrs7Aa13Ars3ZFZ3KayUJryktw1Iqr4kWry8Aa1kG3Z2vrn29r1rCrWqkrZx K3s8A3yDt347XjkaLaAFLSUrUUUUjb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7xRu0PfPUUUUU== X-Originating-IP: [111.198.65.190] X-CM-SenderInfo: xgdlvv5zhlimixq6il2tof0z/1tbiWBcSsmkmwkNNtwAAsb List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. ------=_001_NextPart114062233675_=---- Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64 SGkgRGFuaWVsLA0KICAgSSBqdXN0IHJldmlld2VkIHRoZSB2MTEgcGF0Y2ggYW5kIGdvdCBhIGZl dyBjb21tZW50czoNCg0KMSAgLSBjb21taXQgbWVzc2FnZQ0KYGBgVGhpcyBhZGRzIHN1cHBvcnQg Zm9yIHNlcnZlcnNpZGUgU05JIHN1Y2ggdGhhdCBjZXJ0ZmljYXRlL2tleSBoYW5kbGluZw0KYGBg DQpUeXBvOiBjZXJ0ZmljYXRlIC0+ICBjZXJ0aWZpY2F0ZSANCg0KMiAgLWJlLXNlY3VyZS1vcGVu c3NsLmMNCmBgYCogaG9zdC9zbmltb2RlIG1hdGNoLCBidXQgd2UgbmVlZCBzb21ldGhpbmcgdG8g ZHJpdmUgdGhlIGhhbmQtIHNoYWtlIHRpbGwNCmBgYA0KVHlwbzogaGFuZC0gc2hha2UgLT5oYW5k c2hha2UNCg0KMyAtIGJlLXNlY3VyZS1vcGVuc3NsLmMNCmBgYA0KZXJyaGludCgiSW4gc3RyaWN0 IHNzbF9zbmltb2RlIHRoZXJlIG5lZWQgdG8gYmUgYXQgbGVhc3Qgb25lIGVudHJ5IGluIHBnX2hv c3RzLmNvbmYuIikpOw0KdGhlcmUgbmVlZHMgdG8gYmUNCmBgYA0KVHlwbzogVGhlcmUgbmVlZCB0 byBiZSAgLT4gdGhlcmUgbmVlZHMgdG8gYmUNCg0KNCAtIHNyYy9iYWNrZW5kL21ha2VmaWxlDQog ICBJdCBpcyByZWNvbW1lbmRlZCB0byBkZWxldGUgcGdfaG9zdHMuY29uZi5zYW1wbGUgZHVyaW5n IHRoZSBgbWFrZSB1bmluc3RhbGxgICBjb21tYW5kDQoNCjUgIC0gYmUtc2VjdXJlLW9wZW5zc2wu Yw0KYGBgDQpiZV90bHNfZGVzdHJveSh2b2lkKQ0KIHsNCisgTGlzdENlbGwgICAqY2VsbDsNCisN CisgZm9yZWFjaChjZWxsLCBjb250ZXh0cykNCisgew0KKyBIb3N0Q29udGV4dCAqaG9zdF9jb250 ZXh0ID0gbGZpcnN0KGNlbGwpOw0KKw0KKyBTU0xfQ1RYX2ZyZWUoaG9zdF9jb250ZXh0LT5jb250 ZXh0KTsNCisgcGZyZWUoaG9zdF9jb250ZXh0KTsNCisgfQ0KYGBgYGANCkluIHRoZSBgYmVfdGxz X2Rlc3Ryb3lgIGZ1bmN0aW9uLCB0aGUgY29udGV4dCBpcyByZWxlYXNlZCwgYnV0IGl0IGlzIG5v dCBzZXQgdG8gbnVsbC4gDQogICAgICAgICBUaGlzIGlzIHNpbWlsYXIgdG8gdGhlIGBmcmVlX2Nv bnRleHRgIGZ1bmN0aW9uLCBhbmQgaXQgc2VlbXMgdGhhdCBpdCBjYW4gYmUgY2FsbGVkIGRpcmVj dGx5Lg0KDQogQmVzdCByZWdhcmRzDQoNCg0KZGFpZGV3ZWkxOTcwQDE2My5jb20NCiANCiANCiAN CiANCg== ------=_001_NextPart114062233675_=---- Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable = =0A
Hi Daniel,
   I= just reviewed the v11 patch and got a few comments:

<= div>1  - commit message
```This adds support for serverside= SNI such that certficate/key handling
```
Typo: certf= icate ->  certificate 

2  -be-s= ecure-openssl.c
```* host/snimode match, but we need something t= o drive the hand- shake till
```
Typo: hand- shake -&g= t;handshake

3 - be-secure-openssl.c
```=
errhint("In strict ssl_snimode there need to be at least one en= try in pg_hosts.conf."));
there needs to be
```
<= div>Typo: There need to be  -> there needs to be

4 - src/backend/makefile
   It is recommended = to delete pg_hosts.conf.sample during the `make uninstall`  command

5  - be-secure-openssl.c
```
<= div>be_tls_destroy(void)
 {
+ ListCell   *cell;
+
+ foreach(cell, contexts)
+ {
+ HostContext *host_context =3D lfirst(cell);
+<= /div>
+ SSL_CTX_free(host_cont= ext->context);
+ pfre= e(host_context);
+ }
`````
In the `be_tls_destroy` function, the context is rel= eased, but it is not set to null. 
      &nb= sp;  This is similar to the `free_context` function, and it seems tha= t it can be called directly.

 Best regards
=0A
daidewei1970@163.com
<= /div>
=0A
 
=0A
 =0A
 
=0A
 
=0A
=0A ------=_001_NextPart114062233675_=------