Re: [PATCH v3] GSSAPI encryption support

On Tue, Oct 20, 2015 at 3:01 AM, Robbie Harwood wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> psql: lost synchronization with server: got message type "S", length 22
>
> which unfortunately could be a great many things. I've said this a
> couple times now, but I really do need more information - a traffic
> dump, a list of commands that were run, etc.; unfortunately, the surface
> here is pretty large, and while I totally am willing to believe there
> are bugs in the code I've written, I do not yet see them.

--- a/src/interfaces/libpq/fe-protocol3.c
+++ b/src/interfaces/libpq/fe-protocol3.c
@@ -129,6 +129,58 @@ pqParseInput3(PGconn *conn)
return;
}

+#ifdef ENABLE_GSS
+ /* We want to be ready in both IDLE and BUSY states
for encryption */
+ if (id == 'g' && !conn->gss_disable_enc && conn->gctx)
+ {
+ ssize_t encEnd, next;
[...]
+ }
+ else if (!conn->gss_disable_enc && conn->gss_auth_done &&
+ !conn->gss_decrypted_cur && id != 'E')
+ /* This could be a sync error, so let's handle
it as such. */
+ handleSyncLoss(conn, id, msgLength);
+#endif

Hm. The out-of-sync error I am seeing in my environment is caused by
this block when parsing 'g' messages coming from the backend that are
considered as being GSSAPI-encrypted messages. I am still looking at
that...
--
Michael