> On 4. Dec 2019, at 06:24, Stephen Frost <sfr...@snowman.net> wrote: > > Greetings, > > * Andrew Gierth (and...@tao11.riddles.org.uk) wrote: >>>>>>> "Peter" == Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes: >> >>>> It seems to me that this is a bug in ProcessStartupPacket, which >>>> should accept both GSS or SSL negotiation requests on a connection >>>> (in either order). Maybe secure_done should be two flags rather than >>>> one? >> >> Peter> I have also seen reports of that. I think your analysis is >> Peter> correct. >> >> I figure something along these lines for the fix. Anyone in a position >> to test this? > > At least at first blush, I tend to agree with your analysis and patch.
I agree with the patch, but this also needs to be fixed on the client side. Otherwise libpq won't be able to connect to older servers. I'm attaching a proposed second patch to detect the error on the client side and reconnect to this message. This patch was first submitted as a separate thread here: https://www.postgresql.org/message-id/f27eee9d-d04a-4b6b-b1f1-96ea4dd99...@eggerapps.at Jakob
0002-libpq-Retry-after-failed-ssl-gss-negotiation.patch
Description: Binary data
