Re: pgsql: With gssencmode='require', check credential cache before connect

At Tue, 9 Apr 2024 08:14:53 +0300, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote in
> On 09/04/2024 04:46, Kyotaro Horiguchi wrote:
> > Hello.
> > At Sun, 07 Apr 2024 23:50:08 +0000, Heikki Linnakangas
> > <heikki(dot)linnakangas(at)iki(dot)fi> wrote in
> >> With gssencmode='require', check credential cache before connecting
> > This commit adds the following error message (indentations are
> > adjusted):
> > + libpq_append_conn_error(conn,
> > + "GSSAPI encryption required but it is not supported over a local
> > socket)");
> > The closing parenthesis at the end of the message seems to be a
> > leftover from editing.
>
> Fixed, thanks!
>
> > About the following message:
> > + libpq_append_conn_error(conn, "could not set ssl alpn extension:
> > %s", err);
> > I'm not sure about the policy for writing acronyms in lowercase, but
> > other occurrences of ALPN (in backend code) seem to be written in
> > uppercase.
>
> Changed to uppercase. I also changed "ssl" to uppercase, for
> consistency with the "could not set SSL Server Name Indication (SNI)"
> message earlier.

(I didn't consider SSL..)

> To be even more consistent, we should perhaps spell out "SSL
> Application-Layer Protocol Negotiation (ALPN)", but that's pretty long
> and I don't think it really helps the user. It really should not fail,
> and there isn't anything the user can really do if that fails. Anyone
> who doesn't already know what ALPN is will need to google it anyway.

I think so, too.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center