Re: Problem with ssl and psql in Postgresql 13
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Gustavsson Mikael <mikael.gustavsson@smhi.se>,
Magnus Hagander <magnus@hagander.net>,
Kyotaro Horiguchi <horikyota.ntt@gmail.com>,
"pgsql-general@postgresql.org" <pgsql-general@postgresql.org>,
Svensson Peter <peter.svensson@smhi.se>
Date: 2020-12-26T22:06:17Z
Lists: pgsql-general
Attachments
- 0001-fix-libpq-gss-bugs.patch (text/x-diff) patch 0001
Here's a draft patch for the libpq-side issues. The core of the fix is to get rid of pqsecure_open_gss's clearing of allow_ssl_try, and instead check whether GSS encryption is already enabled before we try to enable SSL. While I was at it I also fixed the places where we drop an attempted GSS connection: they should set need_new_connection = true rather than incompletely doing it for themselves. Notably that coding misses resetting auth_req_received and password_needed; the consequences of that are minor but not zero. There are things to fix on the server side, and the documentation needs work, but this should be enough to solve Mikael's problem if he's in a position to apply the patch locally. regards, tom lane
Commits
-
Fix up usage of krb_server_keyfile GUC parameter.
- 861e967176e9 13.2 landed
- 860fe27ee1e2 14.0 landed
- 3ca19490b4f8 12.6 landed
-
Improve log messages related to pg_hba.conf not matching a connection.
- d05e14d786ac 13.2 landed
- 7ed616f818f0 12.6 landed
- 3995c424984e 14.0 landed
-
Fix assorted issues in backend's GSSAPI encryption support.
- c1c88bf03e1e 13.2 landed
- 622ae4621ece 14.0 landed
- 4cfdd8a47a9e 12.6 landed
-
Fix bugs in libpq's GSSAPI encryption support.
- ff6ce9a3a691 14.0 landed
- b3a5bf719cf7 12.6 landed
- 06b844c2b8d3 13.2 landed