Check postgresql ALPN value for direct SSL connections

2026-01-04 03:52:56 +00:00 · 2025-07-30 14:07:37 +01:00
parent 1dce2a9e74
commit 3bd2486778
1 changed files with 7 additions and 1 deletions
--- a/proxy/src/pglb/handshake.rs
+++ b/proxy/src/pglb/handshake.rs
@@ -137,7 +137,13 @@ pub(crate) async fn handshake<S: AsyncRead + AsyncWrite + Unpin + Send>(

                        // check the ALPN, if exists, as required.
                        match conn_info.alpn_protocol() {
-                            None | Some(PG_ALPN_PROTOCOL) => {}
+                            None => {
+                                if direct.is_some() {
+                                    warn!("missing ALPN protocol 'postgresql'");
+                                    return Err(HandshakeError::ProtocolViolation);
+                                }
+                            }
+                            Some(PG_ALPN_PROTOCOL) => {}
                            Some(other) => {
                                let alpn = String::from_utf8_lossy(other);
                                warn!(%alpn, "unexpected ALPN");