Search Postgresql Archives

Re: SV: SV: SV: SV: Problem with ssl and psql in Postgresql 13

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Gustavsson Mikael <mikael.gustavsson@xxxxxxx> writes:
> I did a final test before logging out for Christmas because i found a thread in hackers discussing some issue with GSS and SSL.
> So if i set gssencmode=disable on my pgsql-13 to postgres 13 server connection i get an SSL connection.

Oooh ... that's the missing ingredient.  Do you have a GSS credentials
cache on the client side, but no support on the server side?

It looks like, if there is a credentials cache and gssencmode isn't
explicitly disabled, we try GSS first.  If the server refuses that:

                    if (gss_ok == 'N')
                    {
                        /* Server doesn't want GSSAPI; fall back if we can */
                        if (conn->gssencmode[0] == 'r')
                        {
                            appendPQExpBufferStr(&conn->errorMessage,
                                                 libpq_gettext("server doesn't support GSSAPI encryption, but it was required\n"));
                            goto error_return;
                        }

                        conn->try_gss = false;
                        conn->status = CONNECTION_MADE;
                        return PGRES_POLLING_WRITING;
                    }

that is, it decides the connection it has is good enough.  This
is not OK if SSL should have been used.

			regards, tom lane
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux