Home > mailing lists

pgsql: Fix GSS client to non-GSS server connection - Mailing list pgsql-committers

From	Stephen Frost
Subject	pgsql: Fix GSS client to non-GSS server connection
Date	May 2, 2020 18:40:43
Msg-id	E1jUuFv-000463-93@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Fix GSS client to non-GSS server connection

If the client is compiled with GSSAPI support and tries to start up GSS
with the server, but the server is not compiled with GSSAPI support, we
would mistakenly end up falling through to call ProcessStartupPacket
with secure_done = true, but the client might then try to perform SSL,
which the backend wouldn't understand and we'd end up failing the
connection with:

FATAL:  unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0

Fix by arranging to track ssl_done independently from gss_done, instead
of trying to use the same boolean for both.

Author: Andrew Gierth
Discussion: https://postgr.es/m/87h82kzwqn.fsf@news-spur.riddles.org.uk
Backpatch: 12-, where GSSAPI encryption was added.

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/b68a560f8ebfc7eed679d09facdce5512a38c9c2

Modified Files
--------------
src/backend/postmaster/postmaster.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)

pgsql-committers by date:

From: Tomas Vondra
Date: 02 May 2020, 16:34:55
Subject: pgsql: Remove pg_xact from pg_stat_reset_slru docs

From: Peter Geoghegan
Date: 03 May 2020, 00:04:47
Subject: pgsql: Refactor btvacuumpage().

pgsql: Fix GSS client to non-GSS server connection - Mailing list pgsql-committers

Previous

Next