author | Gibheer <gibheer+git@zero-knowledge.org> | 2022-11-11 11:22:50 +0100 |
---|---|---|
committer | Gibheer <gibheer+git@zero-knowledge.org> | 2022-11-11 11:22:50 +0100 |
commit | fe6bd04947e26a962fab3cf7a354abd44333bda6 (patch) | |
tree | de4714364747c05d391ab665176413eb24938545 /vendor/github.com/lib/pq/ssl.go | |
parent | dc9dfb76ff9375e6368e9e05a40e6dc07b325a8d (diff) |
update dependencies
Diffstat (limited to 'vendor/github.com/lib/pq/ssl.go')
-rw-r--r-- | vendor/github.com/lib/pq/ssl.go | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/vendor/github.com/lib/pq/ssl.go b/vendor/github.com/lib/pq/ssl.go
index e5eb928..36b61ba 100644
--- a/vendor/github.com/lib/pq/ssl.go
+++ b/vendor/github.com/lib/pq/ssl.go
@@ -8,6 +8,7 @@ import (
 "os"
 "os/user"
 "path/filepath"
+ "strings"
 )
 
 // ssl generates a function to upgrade a net.Conn based on the "sslmode" and
@@ -50,6 +51,16 @@ func ssl(o values) (func(net.Conn) (net.Conn, error), error) {
 return nil, fmterrorf(`unsupported sslmode %q; only "require" (default), "verify-full", "verify-ca", and "disable" supported`, mode)
 }
 
+ // Set Server Name Indication (SNI), if enabled by connection parameters.
+ // By default SNI is on, any value which is not starting with "1" disables
+ // SNI -- that is the same check vanilla libpq uses.
+ if sslsni := o["sslsni"]; sslsni == "" || strings.HasPrefix(sslsni, "1") {
+ // RFC 6066 asks to not set SNI if the host is a literal IP address (IPv4
+ // or IPv6). This check is coded already crypto.tls.hostnameInSNI, so
+ // just always set ServerName here and let crypto/tls do the filtering.
+ tlsConf.ServerName = o["host"]
+ }
+
 err := sslClientCertificates(&tlsConf, o)
 if err != nil {
 return nil, err |