> On 4. Dec 2019, at 06:24, Stephen Frost <[email protected]> wrote: > > Greetings, > > * Andrew Gierth ([email protected]) wrote: >>>>>>> "Peter" == Peter Eisentraut <[email protected]> writes: >> >>>> It seems to me that this is a bug in ProcessStartupPacket, which >>>> should accept both GSS or SSL negotiation requests on a connection >>>> (in either order). Maybe secure_done should be two flags rather than >>>> one? >> >> Peter> I have also seen reports of that. I think your analysis is >> Peter> correct. >> >> I figure something along these lines for the fix. Anyone in a position >> to test this? > > At least at first blush, I tend to agree with your analysis and patch.
I agree with the patch, but this also needs to be fixed on the client side. Otherwise libpq won't be able to connect to older servers. I'm attaching a proposed second patch to detect the error on the client side and reconnect to this message. This patch was first submitted as a separate thread here: https://www.postgresql.org/message-id/[email protected] Jakob
0002-libpq-Retry-after-failed-ssl-gss-negotiation.patch
Description: Binary data
