On Wed, Jul 16, 2025 at 11:50 AM Jacob Champion <jacob.champ...@enterprisedb.com> wrote: > On Wed, Jul 16, 2025 at 11:11 AM Andres Freund <and...@anarazel.de> wrote: > > Do you have a WIP patch? > > I'm working on one now.
The attached still needs some documentation work, and closer inspection of the new assertions and OpenSSL error handling, but I think it's good enough to get my intent across. 0001 is a fix for pqWait+gssencmode, which is hopefully the easier of the two to review/backport. The current behavior for GSS is, IMO, an obvious oversight. 0002 adds drain semantics at the end of pqReadData(). If we were writing this from scratch, it wouldn't look like this: there's no point in having the transport layer split data off into an undersized conn->inBuffer if we're just going to come right back and drain it all anyway. But I'm hoping this is easier to reason about and verify, compared to a bigger rewrite. I've renamed the existing pgtls_read_pending() to pgtls_read_is_pending(), to try to disambiguate it from the new *_drain_pending() APIs, but I'm not particularly attached to my choice of names. Thanks, --Jacob
0001-WIP-extend-TLS-read-pending-concept-to-GSS-too.patch
Description: Binary data
0002-WIP-add-a-drain-pending-concept-to-SSL-GSS.patch
Description: Binary data
