Open
Conversation
pinzon
force-pushed
the
feat/ssl-support
branch
2 times, most recently
from
ea49177 to
18f038f
Compare
pinzon
force-pushed
the
feat/ssl-support
branch
from
18f038f to
62b8c26
Compare
cloutierMat
reviewed
Mar 26, 2026
Member
cloutierMat
left a comment
cloutierMat
left a comment
There was a problem hiding this comment.
Thanks for moving your changes here. I know it is a bit weird to keep the patch but I would prefer to keep the LOGS and exception handling out of here for better control over log levels.
Also if you are to keep the catch all except Exception as e I would at least add exc_info for DEBUG so that we can gain some insight on the error instead of covering it entirely
postgresql_proxy/proxy.py
Outdated
| try: | ||
| # Peek at the first 8 bytes to check for SSLRequest | ||
| # Using MSG_PEEK so we don't consume the data if it's not SSLRequest | ||
| client_socket.setblocking(True) |
Member
There was a problem hiding this comment.
We don't really need to set blocking to True here, since this happens before we set blocking to False anyway, right?
Member
Author
There was a problem hiding this comment.
True, it's not necessary at all but since the socket is a parameter, I prefer to confirm/assert the blocking mode.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
This PR adds SSL support to the PostgreSQL proxy. Following @cloutierMat's recommendation, the necessary changes have been migrated from the LocalStack-Ext patches to this repository.
Changes
ssl_contextattribute in Proxy class_handle_ssl_negotiationmethod in Proxy class to handle SSL connection negotiationaccept_wrappernow utilizes_handle_ssl_negotiationifssl_contextexists