| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Shay Rojansky <roji(at)roji(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL not setting OpenSSL session id context? |
| Date: | 2017-07-30 19:17:58 |
| Message-ID: | 1973.1501442278@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Shay Rojansky <roji(at)roji(dot)org> writes:
> When trying to connect with Npgsql to PostgreSQL with client authentication
> (PG has ssl_ca_file set), the first connection works just fine. The second
> connection, however, fails and the PostgreSQL logs contain the message
> session id context uninitialized". This occurs when using .NET's default
> SSL implementation, SslStream, which supports session resumption - the
> session connection's ClientHello message contains a session ticket from the
> first session, triggering the issue.
AFAIK Postgres doesn't support session resumption. If I am correctly
understanding what that is supposed to provide, it would require saving
all of a backend's internal state on the off chance that somebody would
request resuming the session later. I do not think we are going there.
The idea makes sense for servers with relatively lightweight per-session
state, but that ain't us.
I think what you need to do is tell SslStream not to expect that PG
servers will do session resumption. (I'm a bit astonished that that
would be its default assumption in the first place, but whatever.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-07-30 19:59:47 | Re: PostgreSQL not setting OpenSSL session id context? |
| Previous Message | Shay Rojansky | 2017-07-30 18:03:50 | PostgreSQL not setting OpenSSL session id context? |