On Thu, Mar 5, 2026 at 12:11 PM Zsolt Parragi <[email protected]> wrote: > Attached v6 with the problematic log expectation removed.
Okay, I was doing some final pre-commit review today and... unfortunately, using STATUS_EOF like my "TODO" suggested breaks our de facto SASL profile. The server hasn't completed its side of the exchange until it sends either [AuthenticationSASLFinal+]AuthenticationOk or ErrorResponse. Since STATUS_EOF suppresses not only the log message but the entire ereport(FATAL), we'll never send that last packet, so a more polite client can't tell whether the server finished the exchange or just crashed. v6 doesn't fail any tests because of a shortcut I took in PQconnectPoll() in libpq, which skips reading the final message from a known-doomed OAuth discovery connection. But you can see it if you apply the attached patch. (It's not a correct patch; it just shows the problem.) I'm experimenting with an ereport(FATAL_CLIENT_ONLY) option, in the same vein as WARNING_CLIENT_ONLY, to try to cover this. --Jacob P.S. I would eventually like to record our undocumented SASL profile in a test suite (he said, staring at pg-pytest)...
nocfbot.polite.diff
Description: Binary data
