Hi,
I did a final test before logging out for Christmas because i found a thread in hackers discussing some issue with GSS and SSL.
So if i set gssencmode=disable on my pgsql-13 to postgres 13 server connection i get an SSL connection.
Is this expected behaviour?
$ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server gssencmode=disable"
Password for user kalle:
psql (13.1)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
KR, Mikael Gustavsson, SMHI
Från: externaly-forwarded@xxxxxxx <externaly-forwarded@xxxxxxx> för Gustavsson Mikael <mikael.gustavsson@xxxxxxx>
Skickat: den 22 december 2020 09:07:17
Till: Tom Lane
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: SV: SV: SV: SV: Problem with ssl and psql in Postgresql 13
Skickat: den 22 december 2020 09:07:17
Till: Tom Lane
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: SV: SV: SV: SV: Problem with ssl and psql in Postgresql 13
Hi,
Yes it´s odd. I think we begin with download/reinstall and take it from there.
The server name is just letters and numbers so I think we can rule that out.
Christmas is coming up fast as usual so I think I will pick this up in January.
Thanks for all the help and Happy Christmas! Or God Jul as we say in Sweden.
KR
Mikael Gustavsson, SMHI
Från: Tom Lane <tgl@xxxxxxxxxxxxx>
Skickat: den 18 december 2020 21:02:50
Till: Gustavsson Mikael
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: Re: SV: SV: SV: Problem with ssl and psql in Postgresql 13
Skickat: den 18 december 2020 21:02:50
Till: Gustavsson Mikael
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: Re: SV: SV: SV: Problem with ssl and psql in Postgresql 13
Gustavsson Mikael <mikael.gustavsson@xxxxxxx> writes:
> pgsql-13 with require:
> $ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server sslmode=require"
> Password for user kalle:
> psql (13.1)
> Type "help" for help.
That is just bizarre. libpq should not ignore the sslmode=require option
like that, unless it thinks it's making a Unix-socket connection, which
it should not think given the host specification. (There's not a slash
in your server's real name, is there? But if there was, v11 should
misbehave too.)
It seems like there must be some environment setting, or maybe a service
file, changing the behavior from what it should be on its face. But
that theory has big flaws too: an explicit sslmode=require setting should
not be overridable from environment, and even if it was, why wouldn't v11
act the same?
The only other conclusion I can think of is that your copy of libpq.so
is broken. Maybe you should try redownloading/reinstalling v13.
regards, tom lane
> pgsql-13 with require:
> $ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server sslmode=require"
> Password for user kalle:
> psql (13.1)
> Type "help" for help.
That is just bizarre. libpq should not ignore the sslmode=require option
like that, unless it thinks it's making a Unix-socket connection, which
it should not think given the host specification. (There's not a slash
in your server's real name, is there? But if there was, v11 should
misbehave too.)
It seems like there must be some environment setting, or maybe a service
file, changing the behavior from what it should be on its face. But
that theory has big flaws too: an explicit sslmode=require setting should
not be overridable from environment, and even if it was, why wouldn't v11
act the same?
The only other conclusion I can think of is that your copy of libpq.so
is broken. Maybe you should try redownloading/reinstalling v13.
regards, tom lane