Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNfzD-00AYH8-1M for pgsql-hackers@arkaria.postgresql.org; Mon, 24 Nov 2025 23:28:47 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vNfzB-005MNZ-2e for pgsql-hackers@arkaria.postgresql.org; Mon, 24 Nov 2025 23:28:46 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNfzB-005MNQ-1Z for pgsql-hackers@lists.postgresql.org; Mon, 24 Nov 2025 23:28:45 +0000 Received: from mail-pf1-x42f.google.com ([2607:f8b0:4864:20::42f]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vNfz9-001JjP-0b for pgsql-hackers@lists.postgresql.org; Mon, 24 Nov 2025 23:28:45 +0000 Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-7b86e0d9615so5832628b3a.0 for ; Mon, 24 Nov 2025 15:28:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764026920; x=1764631720; darn=lists.postgresql.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=97/6KSoLtyYL/dC6TCPEJVANbmDymPo3HplAC7TM34w=; b=cBdflb1U2xg1VMIsSbX0j0+rrTcdqKykN2aLCzJExyFyOI7vT2XByyjR6g00ACzxnQ 6HpoYy2bbSD6tWF1TLHYMyPbHAKcUhoVFP94R2zx/YBECTCn74MGwDY6WTy+Tc11Ig5M elr5ZLoQoSAf2gbFGWBJn7lJz7rzt02QP+22JM+SIhfGhTcv7m4fD8+Erqpwa3xljMTm hM6AW4eCVuvNaLFeiVKDQB6IG1IUiP3rclNPDFnuLhsYjhmmd5NFWHUDBjlwwDCahsCC wtPxIwjuhsnNneZSzYMsquzlHKK/eGaVEeImBilr5w8e/AhsVAl7FekGaJMQUxzgGVmh H2Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764026920; x=1764631720; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=97/6KSoLtyYL/dC6TCPEJVANbmDymPo3HplAC7TM34w=; b=YIaEStqOcUT75uOBSxNRjxxAthT+gd360QSWoQqD4R4hTYOQyupOHZmZlKKp+73Ot0 wpB+RZVXyC+2JK+SLoCp7N3x221AVt40q7nkxFtRiLYWXS7wWZ5knHVBvgVZ621Rpl++ 0HtdaRYHy3l5gPcE+WZ9T+PqEfttbBnuN2JTDDnYKM8KM8s8NZE1CgYMTm5OcSzigt62 VrBTtIXlIx49J5VklvTcT1KBMmb2NguxBW9m52qpU5+ZIP2nCkwy0z9f8OYlSO/MJbEg 0iCNFzD4nVBSnzc5+kh1STQXVFLYJEi1y61tSeVey4kvemLu00nPg9n+Eud7bOHG0N1Q i+hw== X-Forwarded-Encrypted: i=1; AJvYcCWTF5it27UGZqIO2qJ6rfjKq6pq9yuSj3Au3Nd+Kd03igStb+9nqnztUCHXUgp8EV1vqnHT01hFEJ/ekzg4@lists.postgresql.org X-Gm-Message-State: AOJu0YxOvEOOVZZ36nW8gFEbek+HAUZkh59GYs4wkPAOeKdp50CHLAc+ IEM5yNAMlTAUGZx0oEgh+nTnivFikgQogu+g7o3qn4mLi7qot6mC33JI X-Gm-Gg: ASbGnctJ4f2w/V+3/FAY7bEaiWUwOqvSVtyFNepzZtwwNA/ph1ooTgRmKBupmbLQC8E DsgNoW7bhEicYwplIuGy+5dPqn39xv6E/NrMgi/zPVB+ddFWNMcwCQ8pML2HwkERvGg9oA8EXim ua2nFBk0XL/jd1sN9O8MvaG4epD97gwupUHVT3hfifwRFvnJ+2PcZiBkls43IiiYdGAXEw8NO7d khpjJlUB/LhAhlwJ8uLSc07f6EqNE8a6ynxgLP9j1VeL+sDQ0IJp3byNFGTaLZLpkHaQ/xHUPe9 tKOkYZR9aasyAcIdICgy2uzDCKpkMXvWsf9L9EqfJw4VmkH8UKiWAsYqX3V1JI+DX9XmiOPGbSO fi8P2TGXgsXHAk3Fg3c5DRa2AX9/gp1h0g9Flu6gMw/DrW0e8cyZ7AQcMcmc/GfHp3fo63Y9vo4 E+UUQVCs08Bo77F1dUeHs= X-Google-Smtp-Source: AGHT+IGl5jZhc4CKmuCV1dpHvVPQCLaOQLDee3d79jhDeukql0dbpIOHphVsTTB8PHYbRrFb2JrbDQ== X-Received: by 2002:a05:6a20:430f:b0:34f:c83b:b3ea with SMTP id adf61e73a8af0-3614eb0e511mr13543453637.18.1764026920118; Mon, 24 Nov 2025 15:28:40 -0800 (PST) Received: from smtpclient.apple ([45.32.121.103]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-bd75e6c6ad3sm14354402a12.13.2025.11.24.15.28.37 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Nov 2025 15:28:39 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81\)) Subject: Re: Serverside SNI support in libpq From: Chao Li In-Reply-To: <0C53C316-C24E-4307-807B-D825CA3F7254@yesql.se> Date: Tue, 25 Nov 2025 07:28:00 +0800 Cc: Jacob Champion , Michael Paquier , Andres Freund , Pgsql Hackers Content-Transfer-Encoding: quoted-printable Message-Id: References: <88986722-5A72-4DEC-8750-BDBF67FF8C01@yesql.se> <7E77028B-5A3A-436B-9046-8E9992E9F94A@yesql.se> <0BC5B9B1-6503-4563-AAC6-33DEF264AE3F@yesql.se> <80F4F8F4-8E4F-4B6F-866B-D837057C1192@yesql.se> <0C53C316-C24E-4307-807B-D825CA3F7254@yesql.se> To: Daniel Gustafsson X-Mailer: Apple Mail (2.3826.700.81) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi Daniel, None of my comment on v9 are addressed in v10: >=20 > 1 - commit message > ``` > Experimental support for serverside SNI support in libpq, a new config > file $datadir/pg_hosts.conf is used for configuring which certicate = and > ``` >=20 > Typo: certicate -> certificate >=20 > 2 - be-secure-common.c > ``` > +run_ssl_passphrase_command(const char *prompt, bool is_server_start, = char *buf, int size, void *userdata) > { > int loglevel =3D is_server_start ? ERROR : LOG; > char *command; > FILE *fh; > int pclose_rc; > size_t len =3D 0; > + char *cmd =3D (char *) userdata; > ``` >=20 > Cmd is only passed to replace_percent_placeholders(), and the function = take a "const char *=E2=80=9D argument, so we can define cmd as =E2=80=9Cc= onst char *=E2=80=9D. >=20 > 2 - be-secure-common.c > ``` > + tokenize_auth_file(HostsFileName, file, &hosts_lines, LOG, 0); > + > + foreach(line, hosts_lines) > + { > + TokenizedAuthLine *tok_line =3D (TokenizedAuthLine *) lfirst(line); > + > + if (tok_line->err_msg !=3D NULL) > + { > + ok =3D false; > + continue; > + } > + > + if ((newline =3D parse_hosts_line(tok_line, LOG)) =3D=3D NULL) > + { > + ok =3D false; > + continue; > + } > + > + parsed_lines =3D lappend(parsed_lines, newline); > + } > + > + free_auth_file(file, 0); > ``` >=20 > When I read this function, I thought to raise a comment for freeing = hosts_lines. However, then I read be-secure-openssl.c, I saw the = load_hosts() is called within a transient hostctx, so it doesn=E2=80=99t = have to free memory pieces. Can we explain that in the function comment? = Otherwise other reviewers and future code readers may have the same = confusion. >=20 > 3 - be-secure-openssl.c > ``` > int > @@ -759,6 +933,9 @@ be_tls_close(Port *port) > pfree(port->peer_dn); > port->peer_dn =3D NULL; > } > + > + Host_context =3D NULL; > + SSL_context =3D NULL; > } > ``` >=20 > Do we need to free_contexts() here? When be_tls_init() is called = again, contexts will anyway be freed, so I guess earlier free might be = better? >=20 > 4 - guc_parameters.dat > ``` > +{ name =3D> 'hosts_file', type =3D> 'string', context =3D> = 'PGC_POSTMASTER', group =3D> 'FILE_LOCATIONS', > + short_desc =3D> 'Sets the server\'s "hosts" configuration file.', > + flags =3D> 'GUC_SUPERUSER_ONLY', > + variable =3D> 'HostsFileName', > + boot_val =3D> 'NULL', > +}, >=20 > +{ name =3D> 'ssl_snimode', type =3D> 'enum', context =3D> = 'PGC_SIGHUP', group =3D> 'CONN_AUTH_SSL', > + short_desc =3D> 'Sets the SNI mode to use for the server.', > + flags =3D> 'GUC_SUPERUSER_ONLY', > + variable =3D> 'ssl_snimode', > + boot_val =3D> 'SSL_SNIMODE_DEFAULT', > + options =3D> 'ssl_snimode_options', > +}, > ``` >=20 > If ssl_snimode is PGC_SIGHUP that allows to reload without a server = reset, why hosts_file cannot? Comment 4 can be ignored as Jacob has answered. > On Nov 24, 2025, at 22:53, Daniel Gustafsson wrote: >=20 >> On 12 Nov 2025, at 23:44, Jacob Champion = wrote: >=20 >> Did you have any thoughts on my earlier review [2]? The test patch >> attached there still fails on my machine with v9. >=20 > The attached incorporates your tests, fixes them to make them pass. = The > culprit seemed to be a combination of a bug in the code (the verify = callback > need to be defined in the default context even if there is no CA for = it to be > called in an SNI setting because OpenSSL), and that the tests were = matching > backend errors against frontend messages. >=20 > The other comments from your review are also addressed, as well as = additional > cleanup and improved error handling. >=20 > -- > Daniel Gustafsson >=20 > I reviewed v10 again, and got some a few more comments: 5 - runtime.sgml ``` + in pg_hba.conf. = hostname + is matched against the hostname TLS extension in the SSL handshake. ``` In the patch code, default context uses hostname =E2=80=9C*=E2=80=9D, = should we explain =E2=80=9C*=E2=80=9D here in the doc? 6 - runtime.sgml ``` + pg_hosts.conf, which is stored in the clusters + data directory. The hosts configuration file contains lines of the = general ``` Typo: clusters =3D> cluster=E2=80=99s 7 - runtime.sgml ``` + will only be used to for the handshake until the hostname is = inspected, it ``` =E2=80=9CUsed to for=E2=80=9D =3D> =E2=80=9Cused for" 8 - Cluster.pm ``` +matching the specified pattern. If the pattern matches agsinst the = logfile a ``` Typo: agsinst =3D> against Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/