| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | libpq ssl -> clear fallback looses error messages |
| Date: | 2008-10-10 23:35:50 |
| Message-ID: | 48EFE6D6.2000109@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I noticed while working on general fixes for the certificate handling
that if we have a connection being attempted with sslmode=prefer (which
happens to be our default), we will loose error messages.
Basically, if we fail the SSL connection, we will throw away the error
message and try a cleartext connection. Now, if the server is configured
to require SSL (using hostssl), you will get an error message that says
"there is no pg_hba, etc, SSL off". Which is totally misleading, because
I *tried* to connect with SSL, but failed.
If I set sslmode=require, the error message is properly reported.
AFAIK we don't actually have a way to pass back an intermediate result
here, but we really need to report this error *somehow*.
It may even be to the point that if we connect and get a client side SSL
error, we should just report it and abort, and only retry if the error
is actually a server error saying there is no pg_hba for SSL here?
(or I'm missing something obvious :-P)
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2008-10-10 23:38:05 | Re: Contrib, schema, and load_module |
| Previous Message | Greg Smith | 2008-10-10 23:34:35 | Re: How is random_page_cost=4 ok? |