| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Protocol problem with GSSAPI encryption? |
| Date: | 2020-05-02 18:02:38 |
| Message-ID: | 20200502180237.GZ13712@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> * Andrew Gierth (andrew(at)tao11(dot)riddles(dot)org(dot)uk) wrote:
> > >>>>> "Peter" == Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> >
> > >> It seems to me that this is a bug in ProcessStartupPacket, which
> > >> should accept both GSS or SSL negotiation requests on a connection
> > >> (in either order). Maybe secure_done should be two flags rather than
> > >> one?
> >
> > Peter> I have also seen reports of that. I think your analysis is
> > Peter> correct.
> >
> > I figure something along these lines for the fix. Anyone in a position
> > to test this?
>
> At least at first blush, I tend to agree with your analysis and patch.
>
> I'll see about getting this actually set up and tested in the next week
> or so (and maybe there's some way to also manage to have a regression
> test for it..).
After testing this and playing around with it a bit, I've gone ahead and
pushed it.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2020-05-02 18:15:08 | Re: Problems with GSS encryption and SSL in libpq in 12~ |
| Previous Message | Tomas Vondra | 2020-05-02 16:59:05 | Re: SLRU statistics |