summaryrefslogtreecommitdiff
path: root/vendor/github.com/jackc/pgconn/config.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/jackc/pgconn/config.go')
-rw-r--r--vendor/github.com/jackc/pgconn/config.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/vendor/github.com/jackc/pgconn/config.go b/vendor/github.com/jackc/pgconn/config.go
index 2277dc1de..4080f2c6a 100644
--- a/vendor/github.com/jackc/pgconn/config.go
+++ b/vendor/github.com/jackc/pgconn/config.go
@@ -297,6 +297,7 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
"sslcert": {},
"sslrootcert": {},
"sslpassword": {},
+ "sslsni": {},
"krbspn": {},
"krbsrvname": {},
"target_session_attrs": {},
@@ -424,6 +425,7 @@ func parseEnvSettings() map[string]string {
"PGSSLMODE": "sslmode",
"PGSSLKEY": "sslkey",
"PGSSLCERT": "sslcert",
+ "PGSSLSNI": "sslsni",
"PGSSLROOTCERT": "sslrootcert",
"PGSSLPASSWORD": "sslpassword",
"PGTARGETSESSIONATTRS": "target_session_attrs",
@@ -619,11 +621,15 @@ func configTLS(settings map[string]string, thisHost string, parseConfigOptions P
sslcert := settings["sslcert"]
sslkey := settings["sslkey"]
sslpassword := settings["sslpassword"]
+ sslsni := settings["sslsni"]
// Match libpq default behavior
if sslmode == "" {
sslmode = "prefer"
}
+ if sslsni == "" {
+ sslsni = "1"
+ }
tlsConfig := &tls.Config{}
@@ -756,6 +762,13 @@ func configTLS(settings map[string]string, thisHost string, parseConfigOptions P
tlsConfig.Certificates = []tls.Certificate{cert}
}
+ // Set Server Name Indication (SNI), if enabled by connection parameters.
+ // Per RFC 6066, do not set it if the host is a literal IP address (IPv4
+ // or IPv6).
+ if sslsni == "1" && net.ParseIP(host) == nil {
+ tlsConfig.ServerName = host
+ }
+
switch sslmode {
case "allow":
return []*tls.Config{nil, tlsConfig}, nil
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-03 00:00:26 +0000