Hi Daniel,
I just reviewed the v11 patch and got a few comments:
1 - commit message
```This adds support for serverside SNI such that certficate/key handling
```
Typo: certficate -> certificate
2 -be-secure-openssl.c
```* host/snimode match, but we need something to drive the hand- shake till
```
Typo: hand- shake ->handshake
3 - be-secure-openssl.c
```
errhint("In strict ssl_snimode there need to be at least one entry in
pg_hosts.conf."));
there needs to be
```
Typo: There need to be -> there needs to be
4 - src/backend/makefile
It is recommended to delete pg_hosts.conf.sample during the `make uninstall`
command
5 - be-secure-openssl.c
```
be_tls_destroy(void)
{
+ ListCell *cell;
+
+ foreach(cell, contexts)
+ {
+ HostContext *host_context = lfirst(cell);
+
+ SSL_CTX_free(host_context->context);
+ pfree(host_context);
+ }
`````
In the `be_tls_destroy` function, the context is released, but it is not set to
null.
This is similar to the `free_context` function, and it seems that it
can be called directly.
Best regards
[email protected]
