On Wed, Jun 22, 2022 at 9:16 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Jacob Champion <jchampion@timescale.com> writes:
>
> > That's certainly an option. Do you think it's still early enough in
> > the cycle to make that change for 15?
>
> Why not? We're still in beta, and pretty early at that.
Mostly just that the test failure isn't new behavior in 15, and a user
would only see that if they deliberately shoved nonsense into the host
while built against LibreSSL -- in which case they could also disable
SNI to move forward. Moving from lax to strict validation means plenty
of IETF spec reading to make sure we don't throw away useful hostnames
by accident. But I really don't have a strong opinion here, if I'm
honest.
--Jacob