From 067771b2e67a789dfc4844e54e3c3f5443e58fca Mon Sep 17 00:00:00 2001
From: Stas Kelvich
Date: Mon, 15 Aug 2022 23:24:34 +0300
Subject: [PATCH] Set SNI for SSL connections

This allows an SNI-aware proxy to route connections. Patch adds a new connection option (`sslsni`) to opt out of the SNI, to have the same behavior as `libpq` does. See more in `sslsni` sections at .
---
 config.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/config.go b/config.go
index 2277dc1d..0a276c6b 100644
--- a/config.go
+++ b/config.go
@@ -297,6 +297,7 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 "sslcert": {},
 "sslrootcert": {},
 "sslpassword": {},
+ "sslsni": {},
 "krbspn": {},
 "krbsrvname": {},
 "target_session_attrs": {},
@@ -424,6 +425,7 @@ func parseEnvSettings() map[string]string {
 "PGSSLMODE": "sslmode",
 "PGSSLKEY": "sslkey",
 "PGSSLCERT": "sslcert",
+ "PGSSLSNI": "sslsni",
 "PGSSLROOTCERT": "sslrootcert",
 "PGSSLPASSWORD": "sslpassword",
 "PGTARGETSESSIONATTRS": "target_session_attrs",
@@ -619,11 +621,15 @@ func configTLS(settings map[string]string, thisHost string, parseConfigOptions P
 sslcert := settings["sslcert"]
 sslkey := settings["sslkey"]
 sslpassword := settings["sslpassword"]
+ sslsni := settings["sslsni"]
 // Match libpq default behavior
 if sslmode == "" {
 sslmode = "prefer"
 }
+ if sslsni == "" {
+ sslsni = "1"
+ }
 tlsConfig := &tls.Config{}
@@ -756,6 +762,10 @@ func configTLS(settings map[string]string, thisHost string, parseConfigOptions P
 tlsConfig.Certificates = []tls.Certificate{cert}
 }
+ if sslsni == "1" {
+ tlsConfig.ServerName = host
+ }
+
 switch sslmode {
 case "allow":
 return []*tls.Config{nil, tlsConfig}, nil
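Review bot: Any value other than the exact string "1" silently turns SNI off, so `sslsni=true` or `sslsni=yes` (an easy slip next to the other ssl* options) disables proxy routing with no error; the defaulting block added right after `sslmode = "prefer"` is the natural place to validate it. I would reject anything but the two documented values, e.g. `if sslsni != "0" && sslsni != "1" { return nil, errors.New("sslsni is invalid") }`, in the same style the file presumably uses for a bad sslmode (that switch is outside this hunk, so I cannot confirm its form). libpq itself only compares against "1", so if strict parity is the intent, a comment such as `// libpq semantics: only "1" enables SNI; any other value disables it` would at least make the behavior discoverable. configTLS begins and ends outside this hunk.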
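Review bot: `tlsConfig.ServerName = host` is now assigned for every sslmode that reaches this point, and in Go that field also drives hostname verification whenever InsecureSkipVerify is false, so the verify-ca and verify-full branches in the switch below (outside this hunk) must keep setting their own ServerName and VerifyPeerCertificate; I cannot confirm that from here, and `host` itself is defined earlier than the hunk shows, so whether it is already stripped of any port is also unverified. When `host` is an IP literal, crypto/tls omits the SNI extension entirely (RFC 6066 does not allow IP addresses there), which happens to match libpq, but nothing in the code records that; a comment like `// crypto/tls drops SNI for IP-literal hosts, matching libpq` would spare the next reader a trip into the standard library. It is also worth a line in the option's documentation that SNI places the target host name on the wire in cleartext before the handshake completes, which is exactly what the proxy relies on but is new observable behavior for existing users. configTLS continues outside this hunk.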