| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Gustavsson Mikael <mikael(dot)gustavsson(at)smhi(dot)se>, Magnus Hagander <magnus(at)hagander(dot)net>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>, Svensson Peter <peter(dot)svensson(at)smhi(dot)se> |
| Subject: | Re: Problem with ssl and psql in Postgresql 13 |
| Date: | 2020-12-26 22:06:17 |
| Message-ID: | 1333636.1609020377@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Here's a draft patch for the libpq-side issues. The core of the
fix is to get rid of pqsecure_open_gss's clearing of allow_ssl_try,
and instead check whether GSS encryption is already enabled before
we try to enable SSL. While I was at it I also fixed the places
where we drop an attempted GSS connection: they should set
need_new_connection = true rather than incompletely doing it for
themselves. Notably that coding misses resetting auth_req_received
and password_needed; the consequences of that are minor but not zero.
There are things to fix on the server side, and the documentation
needs work, but this should be enough to solve Mikael's problem
if he's in a position to apply the patch locally.
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-fix-libpq-gss-bugs.patch | text/x-diff | 3.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Guyren Howe | 2020-12-26 22:15:36 | Re: Multi-column index vs index on individual columns |
| Previous Message | Tom Lane | 2020-12-26 21:00:10 | Re: Problem with ssl and psql in Postgresql 13 |