Re: [PATCH v2] GSSAPI encryption support

Jeff Janes <jeff(dot)janes(at)gmail(dot)com> writes:

> On Tue, Sep 29, 2015 at 7:53 AM, Robbie Harwood <rharwood(at)redhat(dot)com> wrote:
>> Robbie Harwood <rharwood(at)redhat(dot)com> writes:
>>
>>>>>> Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
>>>>>>
>>>>>>> Well, the issue is still here: login through gssapi fails with
>>>>>>> your patch, not with HEAD. This patch is next on my review list by
>>>>>>> the way so I'll see what I can do about it soon even if I am in
>>>>>>> the US for Postgres Open next week. Still, how did you test it? I
>>>>>>> am just creating by myself a KDC, setting up a valid credential
>>>>>>> with kinit, and after setting up Postgres for this purpose the
>>>>>>> protocol communication just fails.
>>>
>>> I have no issues, no sync loss; nothing is amiss as far as I can see.
>>> If there is actually a problem here, I need more information from you.
>>> At the very least, as previously mentioned, I need to know what
>>> messages went over the wire to/from the server before it occurred, and
>>> what command (if it it made it to command processing) it was in the
>>> midst of sending.
>>
>> Any follow-up on this? I'd really like my code to be bug-free.
>
> I don't know if this is worth posting as the patch is currently
> returned with feedback and you are redoing it in a different way, but
> with your patch I get this error when connecting:
>
> lost synchronization with server: got message type "T", length 27
> The connection to the server was lost. Attempting reset: Failed.
>
> I only get the error when connection to a patched server from a
> patched libpq. If either is unpatched, then there is no problem.
>
> Let me know if this is worth looking into.

Definitely good to know, and I appreciate your testing. It's probably
not worth looking into right now, but please do test the next version of
the code as well.

Thanks!
--Robbie