On 2021-02-15 18:40, Jesse Zhang wrote:
> I imagine this also (finally) opens up the possibility for the server
> to present a different certificate for each hostname based on SNI.
> This eliminates the requirement for wildcard certs where the cluster
> is running on a host with multiple (typically two to three) hostnames
> and the clients check the hostname against SAN in the cert
> (sslmode=verify-full). Am I right? Is that feature on anybody's
> roadmap?
This would be the client side of that. But I don't know of anyone
planning to work on the server side.