=== Applying patches on top of PostgreSQL commit ID 972c14fb9134fdfd76ea6ebcf98a55a945bbc988 === /etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables is obsolete. Please consider migrating to /etc/jail.conf. Wed Apr 15 09:17:29 UTC 2026 On branch cf/4390 nothing to commit, working tree clean === using 'git am' to apply patch ./v15-0001-Add-notBefore-and-notAfter-to-SSL-cert-info-disp.patch === Applying: v15rebase Using index info to reconstruct a base tree... M contrib/sslinfo/meson.build M contrib/sslinfo/sslinfo.c M doc/src/sgml/monitoring.sgml M src/backend/catalog/system_views.sql M src/backend/libpq/be-secure-openssl.c M src/backend/utils/activity/backend_status.c M src/backend/utils/adt/pgstatfuncs.c M src/include/catalog/pg_proc.dat M src/include/libpq/libpq-be.h M src/include/utils/backend_status.h M src/test/regress/expected/rules.out M src/test/ssl/t/001_ssltests.pl M src/test/ssl/t/003_sslinfo.pl Falling back to patching base and 3-way merge... Auto-merging src/test/ssl/t/003_sslinfo.pl Auto-merging src/test/ssl/t/001_ssltests.pl Auto-merging src/test/regress/expected/rules.out Auto-merging src/include/utils/backend_status.h Auto-merging src/include/libpq/libpq-be.h Auto-merging src/include/catalog/pg_proc.dat Auto-merging src/backend/utils/adt/pgstatfuncs.c Auto-merging src/backend/utils/activity/backend_status.c Auto-merging src/backend/libpq/be-secure-openssl.c CONFLICT (content): Merge conflict in src/backend/libpq/be-secure-openssl.c Auto-merging src/backend/catalog/system_views.sql Auto-merging doc/src/sgml/monitoring.sgml Auto-merging contrib/sslinfo/sslinfo.c Auto-merging contrib/sslinfo/meson.build error: Failed to merge in the changes. hint: Use 'git am --show-current-patch=diff' to see the failed patch Patch failed at 0001 v15rebase When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 
=== using patch(1) to apply patch ./v15-0001-Add-notBefore-and-notAfter-to-SSL-cert-info-disp.patch === patching file contrib/sslinfo/Makefile patching file contrib/sslinfo/meson.build patching file contrib/sslinfo/sslinfo--1.2--1.3.sql patching file contrib/sslinfo/sslinfo.c patching file contrib/sslinfo/sslinfo.control patching file doc/src/sgml/monitoring.sgml Hunk #1 succeeded at 2673 (offset 275 lines). patching file doc/src/sgml/sslinfo.sgml patching file src/backend/catalog/system_views.sql Hunk #1 succeeded at 1086 (offset 84 lines). patching file src/backend/libpq/be-secure-openssl.c Hunk #1 FAILED at 35. Hunk #2 succeeded at 107 with fuzz 1 (offset 28 lines). Hunk #3 succeeded at 2249 (offset 691 lines). Hunk #4 succeeded at 2410 (offset 691 lines). 1 out of 4 hunks FAILED -- saving rejects to file src/backend/libpq/be-secure-openssl.c.rej patching file src/backend/utils/activity/backend_status.c Hunk #1 succeeded at 378 (offset -35 lines). patching file src/backend/utils/adt/pgstatfuncs.c Hunk #1 succeeded at 355 (offset 25 lines). Hunk #2 succeeded at 449 (offset 25 lines). Hunk #3 succeeded at 486 (offset 25 lines). Hunk #4 succeeded at 495 (offset 25 lines). Hunk #5 succeeded at 640 (offset 25 lines). Hunk #6 succeeded at 708 (offset 25 lines). patching file src/include/catalog/pg_proc.dat Hunk #1 succeeded at 5689 (offset 53 lines). patching file src/include/libpq/libpq-be.h patching file src/include/utils/backend_status.h patching file src/test/regress/expected/rules.out Hunk #1 succeeded at 1798 (offset 15 lines). Hunk #2 succeeded at 1944 (offset 33 lines). Hunk #3 succeeded at 2247 (offset 128 lines). Hunk #4 succeeded at 2283 (offset 131 lines). patching file src/test/ssl/t/001_ssltests.pl Hunk #1 succeeded at 653 (offset 73 lines). Hunk #2 succeeded at 851 (offset 69 lines). 
patching file src/test/ssl/t/003_sslinfo.pl Unstaged changes after reset: M contrib/sslinfo/Makefile M contrib/sslinfo/meson.build M contrib/sslinfo/sslinfo.c M contrib/sslinfo/sslinfo.control M doc/src/sgml/monitoring.sgml M doc/src/sgml/sslinfo.sgml M src/backend/catalog/system_views.sql M src/backend/libpq/be-secure-openssl.c M src/backend/utils/activity/backend_status.c M src/backend/utils/adt/pgstatfuncs.c M src/include/catalog/pg_proc.dat M src/include/libpq/libpq-be.h M src/include/utils/backend_status.h M src/test/regress/expected/rules.out M src/test/ssl/t/001_ssltests.pl M src/test/ssl/t/003_sslinfo.pl Removing contrib/sslinfo/sslinfo--1.2--1.3.sql Removing src/backend/libpq/be-secure-openssl.c.rej === using 'git apply' to apply patch ./v15-0001-Add-notBefore-and-notAfter-to-SSL-cert-info-disp.patch === Applied patch to 'contrib/sslinfo/Makefile' cleanly. Applied patch to 'contrib/sslinfo/meson.build' cleanly. Falling back to direct application... Applied patch to 'contrib/sslinfo/sslinfo.c' cleanly. Applied patch to 'contrib/sslinfo/sslinfo.control' cleanly. Applied patch to 'doc/src/sgml/monitoring.sgml' cleanly. Applied patch to 'doc/src/sgml/sslinfo.sgml' cleanly. Applied patch to 'src/backend/catalog/system_views.sql' cleanly. Applied patch to 'src/backend/libpq/be-secure-openssl.c' with conflicts. Applied patch to 'src/backend/utils/activity/backend_status.c' cleanly. Applied patch to 'src/backend/utils/adt/pgstatfuncs.c' cleanly. Applied patch to 'src/include/catalog/pg_proc.dat' cleanly. Applied patch to 'src/include/libpq/libpq-be.h' cleanly. Applied patch to 'src/include/utils/backend_status.h' cleanly. Applied patch to 'src/test/regress/expected/rules.out' cleanly. Applied patch to 'src/test/ssl/t/001_ssltests.pl' cleanly. Applied patch to 'src/test/ssl/t/003_sslinfo.pl' cleanly. 
U src/backend/libpq/be-secure-openssl.c diff --cc src/backend/libpq/be-secure-openssl.c index a3e222f3a3d,1f79512b1ab..00000000000 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@@ -36,7 -35,7 +36,11 @@@ #include "storage/latch.h" #include "utils/guc.h" #include "utils/memutils.h" ++<<<<<<< ours +#include "utils/wait_event.h" ++======= + #include "utils/timestamp.h" ++>>>>>>> theirs /* * These SSL-related #includes must come after all system-provided headers. @@@ -100,34 -78,11 +104,35 @@@ static bool initialize_dh(SSL_CTX *cont static bool initialize_ecdh(SSL_CTX *context, bool isServerStart); static const char *SSLerrmessageExt(unsigned long ecode, const char *replacement); static const char *SSLerrmessage(unsigned long ecode); +static bool init_host_context(HostsLine *host, bool isServerStart); +static void host_context_cleanup_cb(void *arg); +#ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB +static int sni_clienthello_cb(SSL *ssl, int *al, void *arg); +#endif static char *X509_NAME_to_cstring(X509_NAME *name); + static TimestampTz ASN1_TIME_to_timestamptz(const ASN1_TIME *time); static SSL_CTX *SSL_context = NULL; +static MemoryContext SSL_hosts_memcxt = NULL; +static struct hosts +{ + /* + * List of HostsLine structures containing SSL configurations for + * connections with hostnames defined in the SNI extension. + */ + List *sni; + + /* The SSL configuration to use for connections without SNI */ + HostsLine *no_sni; + + /* + * The default SSL configuration to use as a fallback in case no hostname + * matches the supplied hostname in the SNI extension. + */ + HostsLine *default_host; +} *SSL_hosts; + static bool dummy_ssl_passwd_cb_called = false; static bool ssl_is_server_start;
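Review bot: The include block in the first hunk of src/backend/libpq/be-secure-openssl.c still carries unresolved `<<<<<<< ours` / `=======` / `>>>>>>> theirs` markers, so the file cannot compile until the patch is rebased. The two sides look complementary rather than alternative: the base tree added `#include "utils/wait_event.h"` at this position, and the patch's `#include "utils/timestamp.h"` presumably supplies the `TimestampTz` type used by the new `ASN1_TIME_to_timestamptz` prototype in the following hunk. Keeping both in the block's alphabetical order, `#include "utils/timestamp.h"` followed by `#include "utils/wait_event.h"`, should resolve it. This matches the `Hunk #1 FAILED at 35` that patch(1) reports earlier in the log for the same file.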