Introducing SNI in TLS handshake for SSL connections

Started by Florin Asavoaie, over 8 years ago, 2 messages
#1 Florin Asavoaie
florin.asavoaie@gmail.com

Hi,

Back in November 2013 someone suggested adding the SNI header in the TLS
handshake for connections initiated by libpq using OpenSSL. There was no
use case at that point.

However, right now there is one:

I'd like to write a small "PostgreSQL router" that routes connections to a
specific cluster based on the requested SNI. Maybe it is even possible to
just integrate this as an option in HAProxy; I didn't look at how difficult it
would be to do it there.

The whole point is for using PostgreSQL inside containers and being able to
connect to it from anywhere. For example, if you are using Docker, you could
expose the default PostgreSQL port on Docker's ingress routing mesh and let
it go to the router application. Then the router application will read the
SNI headers and forward the connection to the appropriate container via the
Docker Overlay network (and maybe optionally even do "ssl offload" at this
point since the Overlay network is already encrypted).

If there's nobody against this, I can try to do the patch myself; it doesn't
look too difficult (I expect it to simply work by calling
SSL_set_tlsext_host_name(SSL_context, PQhost(conn))) somewhere in
initialize_SSL in fe-secure-openssl.c.

Thanks,
Florin.
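
As an added example (not code from this thread or from PostgreSQL itself), the piece of the proposed router that would consume the SNI: a bounds-checked reader for the server_name extension of a raw TLS ClientHello, plus a constructed sample ClientHello to feed it. It assumes the router has already handled the SSLRequest/'S' exchange libpq performs before the TLS handshake begins; the host name, cipher suite and extension layout in the sample are constructed, not captured.

```c
#include <stdint.h>
#include <string.h>
/* Reads the server_name (SNI, RFC 6066) host from a raw TLS ClientHello, the
 * lookup a PostgreSQL router would do before picking a backend. Every length is
 * bounds-checked so a truncated or hostile record cannot push a read past the
 * buffer. Returns the host length (copied to out, NUL-terminated) or -1. */
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }
int sni_from_client_hello(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    size_t pos, end;
    if (len < 9 || buf[0] != 0x16 || buf[5] != 0x01) return -1; /* not a ClientHello */
    if (rd16(buf + 3) + 5 > len) return -1;                      /* truncated record */
    len = rd16(buf + 3) + 5;
    pos = 9 + 34;                                /* handshake hdr + version + random */
    if (pos + 1 > len) return -1;  pos += 1 + buf[pos];          /* session_id */
    if (pos + 2 > len) return -1;  pos += 2 + rd16(buf + pos);   /* cipher_suites */
    if (pos + 1 > len) return -1;  pos += 1 + buf[pos];          /* compression */
    if (pos + 2 > len) return -1;  end = pos + 2 + rd16(buf + pos); pos += 2;
    if (end > len) return -1;                                    /* extensions overrun */
    while (pos + 4 <= end) {
        size_t type = rd16(buf + pos), elen = rd16(buf + pos + 2), nlen;
        pos += 4;
        if (pos + elen > end) return -1;
        if (type != 0) { pos += elen; continue; }   /* not server_name: skip */
        /* server_name body: list_len(2) name_type(1)=0 host_name name_len(2) name */
        if (elen < 5 || buf[pos + 2] != 0) return -1;
        nlen = rd16(buf + pos + 3);
        if (nlen + 5 > elen || nlen + 1 > outlen) return -1;
        memcpy(out, buf + pos + 5, nlen); out[nlen] = '\0';
        return (int)nlen;
    }
    return -1;  /* no SNI at all: today's libpq, or a client given an IP literal */
}

/* Constructed sample, not a capture: minimal ClientHello (zero random, one cipher
 * suite, a dummy supported_versions extension) followed by an SNI for host. */
size_t build_client_hello(uint8_t *buf, const char *host)
{
    size_t n = strlen(host), p;
    const uint8_t head[] = {0x16,3,1,0,0, 1,0,0,0, 3,3};           /* record, hs hdr, version */
    const uint8_t mid[] = {0, 0,2,0x13,1, 1,0, 0,(uint8_t)(16+n),   /* sid, suites, comp, ext len */
        0,0x2b,0,3,2,3,4, 0,0,0,(uint8_t)(5+n), 0,(uint8_t)(3+n), 0, 0,(uint8_t)n};
    memcpy(buf, head, sizeof head); p = sizeof head;
    memset(buf + p, 0, 32); p += 32;                                 /* random */
    memcpy(buf + p, mid, sizeof mid); p += sizeof mid;
    memcpy(buf + p, host, n); p += n;
    buf[4] = (uint8_t)(p - 5); buf[8] = (uint8_t)(p - 9);            /* patch lengths (n < 200) */
    return p;
}
```

A router would call build_client_hello only in tests; in production it reads the first TLS record off the client socket after answering 'S' and passes it to sni_from_client_hello, treating -1 as "no routing key" rather than guessing a backend.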

#2 Peter Eisentraut
peter.eisentraut@2ndquadrant.com
In reply to: Florin Asavoaie (#1)
Re: Introducing SNI in TLS handshake for SSL connections

On 4/24/17 22:26, Florin Asavoaie wrote:

If there's nobody against this, I can try to do the patch myself,
doesn't look too difficult (I expect it to simply work by
calling SSL_set_tlsext_host_name(SSL_context, PQhost(conn))) somewhere
in initialize_SSL in fe-secure-openssl.c.

I had to look up what SNI is:
https://en.wikipedia.org/wiki/Server_Name_Indication

This seems useful.

If you have a patch, please add it here:
https://commitfest.postgresql.org/14/

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers