| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix GSS client to non-GSS server connection |
| Date: | 2020-05-02 15:40:43 |
| Message-ID: | E1jUuFv-000464-9j@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix GSS client to non-GSS server connection
If the client is compiled with GSSAPI support and tries to start up GSS
with the server, but the server is not compiled with GSSAPI support, we
would mistakenly end up falling through to call ProcessStartupPacket
with secure_done = true, but the client might then try to perform SSL,
which the backend wouldn't understand and we'd end up failing the
connection with:
FATAL: unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0
Fix by arranging to track ssl_done independently from gss_done, instead
of trying to use the same boolean for both.
Author: Andrew Gierth
Discussion: https://postgr.es/m/87h82kzwqn.fsf@news-spur.riddles.org.uk
Backpatch: 12-, where GSSAPI encryption was added.
Branch
------
REL_12_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/79e594cf04754d55196d2ce54fc869ccad5fa9c3
Modified Files
--------------
src/backend/postmaster/postmaster.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2020-05-02 21:04:47 | pgsql: Refactor btvacuumpage(). |
| Previous Message | Tomas Vondra | 2020-05-02 13:34:55 | pgsql: Remove superfluous memset from pgstat_recv_resetslrucounter |