Home > mailing lists

Re: Protocol problem with GSSAPI encryption? - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: Protocol problem with GSSAPI encryption?
Date	December 4, 2019 08:24:41
Msg-id	20191204052440.GD6962@tamriel.snowman.net Whole thread Raw
In response to	Re: Protocol problem with GSSAPI encryption? (Andrew Gierth <andrew@tao11.riddles.org.uk>)
Responses	Re: Protocol problem with GSSAPI encryption? (Jakob Egger <jakob@eggerapps.at>) Re: Protocol problem with GSSAPI encryption? (Andrew Gierth <andrew@tao11.riddles.org.uk>) Re: Protocol problem with GSSAPI encryption? (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

Greetings,

* Andrew Gierth (andrew@tao11.riddles.org.uk) wrote:
> >>>>> "Peter" == Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>
>  >> It seems to me that this is a bug in ProcessStartupPacket, which
>  >> should accept both GSS or SSL negotiation requests on a connection
>  >> (in either order). Maybe secure_done should be two flags rather than
>  >> one?
>
>  Peter> I have also seen reports of that. I think your analysis is
>  Peter> correct.
>
> I figure something along these lines for the fix. Anyone in a position
> to test this?

At least at first blush, I tend to agree with your analysis and patch.

I'll see about getting this actually set up and tested in the next week
or so (and maybe there's some way to also manage to have a regression
test for it..).

Thanks!

Stephen

Attachment

signature.asc

pgsql-hackers by date:

From: Tom Lane
Date: 04 December 2019, 08:12:27
Subject: Re: Windows buildfarm members vs. new async-notify isolation test

From: Kyotaro Horiguchi
Date: 04 December 2019, 08:33:07
Subject: Re: Session WAL activity

Re: Protocol problem with GSSAPI encryption? - Mailing list pgsql-hackers

Attachment

Previous

Next