Here's an interesting scenario I happened across recently.

If you have a single line in the pg_hba.conf:

hostssl all all md5

Attempting to log in with an incorrect password results in an
error message about there not being a pg_hba.conf entry for the

Reading carefully, the error message states that there's no
pg_hba.conf for the user with **ssl off**.

What I believe is happening, is that the pg connection libs
first try to connect via ssl and get a password failed error,
then fallback to trying to connect without ssl, and get a "no
pg_hba.conf entry" error. The problem is that the second error
masks the first one, hiding the real cause of the connection
failure, and causing a lot of confusion.

If we could keep both errors and report them both, I feel like
it would be an improvement to our client library behavior.

Bill Moran

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to