From: | Jakob Egger <jakob(at)eggerapps(dot)at> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Protocol problem with GSSAPI encryption? |
Date: | 2019-12-06 14:35:38 |
Message-ID: | E1C8BAD2-F683-44ED-B9DF-5B1FC2409346@eggerapps.at |
Lists: | pgsql-hackers |
> On 4. Dec 2019, at 06:24, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> Greetings,
>
> * Andrew Gierth (andrew(at)tao11(dot)riddles(dot)org(dot)uk) wrote:
>>>>>>> "Peter" == Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
>>
>>>> It seems to me that this is a bug in ProcessStartupPacket, which
>>>> should accept both GSS or SSL negotiation requests on a connection
>>>> (in either order). Maybe secure_done should be two flags rather than
>>>> one?
>>
>> Peter> I have also seen reports of that. I think your analysis is
>> Peter> correct.
>>
>> I figure something along these lines for the fix. Anyone in a position
>> to test this?
>
> At least at first blush, I tend to agree with your analysis and patch.

I agree with the patch, but this also needs to be fixed on the client side.
Otherwise libpq won't be able to connect to older servers.

I'm attaching a proposed second patch to detect the error on the client side and reconnect to this message.

This patch was first submitted as a separate thread here:
https://www.postgresql.org/message-id/F27EEE9D-D04A-4B6B-B1F1-96EA4DD996D0@eggerapps.at

Jakob

Attachment | Content-Type | Size |
---|---|---|
0002-libpq-Retry-after-failed-ssl-gss-negotiation.patch | application/octet-stream | 5.6 KB |
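
As an added illustration (not part of the thread and not PostgreSQL source), this simplified C model of the server-side behaviour discussed in the quoted analysis compares one shared "negotiation done" flag with separate SSL and GSS flags. The `negotiate` function, its trace characters, and the rule that accepted encryption ends negotiation are assumptions of the model; the packet sequence is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Request codes defined by the PostgreSQL frontend/backend protocol. */
#define SSL_REQUEST 80877103u /* SSLRequest */
#define GSS_REQUEST 80877104u /* GSSENCRequest */
#define STARTUP_V3  196608u   /* StartupMessage, protocol 3.0 */

/*
 * Simplified model of the server's startup loop (hypothetical helper).
 * Writes one character per packet into trace: 'S'/'G' = encryption accepted,
 * 'N' = declined, '+' = startup accepted, 'E' = packet rejected, connection ends.
 * two_flags=false models one shared flag; true models one flag per request kind.
 */
static const char *negotiate(const uint32_t *pkts, size_t n, bool two_flags,
                             bool have_ssl, bool have_gss, char *trace)
{
    bool ssl_done = false, gss_done = false;
    size_t t = 0;
    for (size_t i = 0; i < n; i++) {
        bool is_ssl = pkts[i] == SSL_REQUEST, is_gss = pkts[i] == GSS_REQUEST;
        if (pkts[i] == STARTUP_V3) { trace[t++] = '+'; break; }
        if (!is_ssl && !is_gss)    { trace[t++] = 'E'; break; }
        /* With one flag, any earlier negotiation blocks this one too. */
        bool seen = two_flags ? (is_ssl ? ssl_done : gss_done)
                              : (ssl_done || gss_done);
        if (seen) { trace[t++] = 'E'; break; }
        bool ok = is_ssl ? have_ssl : have_gss;
        trace[t++] = ok ? (is_ssl ? 'S' : 'G') : 'N';
        /* Assumption: once encryption is accepted, no further negotiation. */
        if (is_ssl || ok) ssl_done = true;
        if (is_gss || ok) gss_done = true;
    }
    trace[t] = '\0';
    return trace;
}

int main(void)
{
    /* Constructed sequence: GSS tried first, then SSL, then startup. */
    const uint32_t pkts[] = { GSS_REQUEST, SSL_REQUEST, STARTUP_V3 };
    char a[8], b[8];
    printf("one flag:  %s\ntwo flags: %s\n",
           negotiate(pkts, 3, false, true, false, a),
           negotiate(pkts, 3, true, true, false, b));
    return 0;
}
```

In the model, a server with SSL but without GSS rejects the SSL request that follows a declined GSS request when a single flag is used, and accepts it when each request kind has its own flag.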