Re: Problem with ssl and psql in Postgresql 13
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Cc: sfrost@snowman.net, mikael.gustavsson@smhi.se, magnus@hagander.net,
pgsql-general@postgresql.org, peter.svensson@smhi.se
Date: 2020-12-24T16:54:32Z
Lists: pgsql-general
Attachments
- improve-pg_hba-rejection-messages-2.patch (text/x-diff) patch
I wrote: > Kyotaro Horiguchi <horikyota.ntt@gmail.com> writes: >> The attached the first patch does that. > +1, it seems like a clear oversight that the GSSENC patches didn't adjust > these messages. The reason SSL state is mentioned is that it's relevant > to which pg_hba entry gets chosen; and once we invented "hostgssenc" > entries, GSSENC state is also relevant. Thinking a little more about that: there are not four distinct states, because GSS and SSL can't both be enabled (ProcessStartupPacket enforces that). So I propose that instead of adding a new field, we make the existing field say one of three things: "GSS encryption", "SSL encryption", or "no encryption". As per attached. In the back branches, it might be best to spell these as "GSS encryption", "SSL on", and "SSL off", just to minimize the cosmetic change. regards, tom lane
Commits
-
Fix up usage of krb_server_keyfile GUC parameter.
- 861e967176e9 13.2 landed
- 860fe27ee1e2 14.0 landed
- 3ca19490b4f8 12.6 landed
-
Improve log messages related to pg_hba.conf not matching a connection.
- d05e14d786ac 13.2 landed
- 7ed616f818f0 12.6 landed
- 3995c424984e 14.0 landed
-
Fix assorted issues in backend's GSSAPI encryption support.
- c1c88bf03e1e 13.2 landed
- 622ae4621ece 14.0 landed
- 4cfdd8a47a9e 12.6 landed
-
Fix bugs in libpq's GSSAPI encryption support.
- ff6ce9a3a691 14.0 landed
- b3a5bf719cf7 12.6 landed
- 06b844c2b8d3 13.2 landed