Relational database
Daniel Gustafsson 4f433025f6 ssl: Serverside SNI support for libpq
Support for SNI was added to clientside libpq in 5c55dc8b47 with the
sslsni parameter, but there was no support for utilizing it serverside.
This adds support for serverside SNI such that certificate/key handling
is available per host.  A new config file, $datadir/pg_hosts.conf, is
used for configuring which certificate and key should be used for which
hostname.  In order to use SNI the ssl_sni GUC must be set to on; when
it is off the ssl configuration works just like before.  If ssl_sni is
enabled and pg_hosts.conf is non-empty it will take precedence over
the regular SSL GUCs; if it is empty or missing the regular GUCs will
be used just as before this commit with no hostname specific handling.
The TLS init hook is not compatible with ssl_sni since it operates on
a single TLS configuration and SNI breaks that assumption.  If the init
hook and ssl_sni are both enabled, a WARNING will be issued.

Host configuration can either be for a literal hostname to match, non-
SNI connections using the no_sni keyword or a default fallback matching
all connections.  By omitting no_sni and the fallback a strict mode
can be achieved where only connections using sslsni=1 and a specified
hostname are allowed.

CRL file(s) are applied from postgresql.conf to all configured hostnames.

Serverside SNI requires OpenSSL, currently LibreSSL does not support
the required infrastructure to update the SSL context during the TLS
handshake.

Author: Daniel Gustafsson <daniel@yesql.se>
Co-authored-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Zsolt Parragi <zsolt.parragi@percona.com>
Reviewed-by: Chao Li <li.evan.chao@gmail.com>
Reviewed-by: Dewei Dai <daidewei1970@163.com>
Reviewed-by: Cary Huang <cary.huang@highgo.ca>
Reviewed-by: Heikki Linnakangas <hlinnaka@iki.fi>
Discussion: https://postgr.es/m/1C81CD0D-407E-44F9-833A-DD0331C202E5@yesql.se
2026-03-18 12:37:11 +01:00
.github Add CODE_OF_CONDUCT.md, CONTRIBUTING.md, and SECURITY.md. 2024-07-02 13:03:58 -05:00
config Hardcode override of typeof_unqual for clang-for-bitcode 2026-03-16 19:24:49 +01:00
contrib pg_plan_advice: Avoid a crash under GEQO. 2026-03-17 14:25:43 -04:00
doc ssl: Serverside SNI support for libpq 2026-03-18 12:37:11 +01:00
src ssl: Serverside SNI support for libpq 2026-03-18 12:37:11 +01:00
.cirrus.star ci: Simplify ci-os-only handling 2025-08-14 12:09:34 -04:00
.cirrus.tasks.yml Revert "Change default value of default_toast_compression to "lz4"" 2026-03-05 08:25:35 +09:00
.cirrus.yml ci: Per-repo configuration for manually trigger tasks 2025-08-14 11:54:03 -04:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Update .editorconfig and .gitattributes for postgresql.conf.sample. 2025-11-18 10:28:36 -06:00
.git-blame-ignore-revs Add commit b6eb8dde6b to .git-blame-ignore-revs. 2026-03-13 11:45:34 -05:00
.gitattributes Update .editorconfig and .gitattributes for postgresql.conf.sample. 2025-11-18 10:28:36 -06:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
.mailmap Add a Git .mailmap file 2024-11-05 13:56:02 +01:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure ssl: Serverside SNI support for libpq 2026-03-18 12:37:11 +01:00
configure.ac ssl: Serverside SNI support for libpq 2026-03-18 12:37:11 +01:00
COPYRIGHT Update copyright for 2026 2026-01-01 13:24:10 -05:00
GNUmakefile.in Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Restore AIX support. 2026-02-23 13:34:22 -05:00
meson.build ssl: Serverside SNI support for libpq 2026-03-18 12:37:11 +01:00
meson_options.txt Update copyright for 2026 2026-01-01 13:24:10 -05:00
README.md Revise the style of a paragraph in README.md. 2024-03-21 10:16:41 -05:00

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

Copyright and license information can be found in the file COPYRIGHT.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/devel/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/devel/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.