|From:||Robbie Harwood <rharwood(at)redhat(dot)com>|
|Cc:||David Steele <david(at)pgmasters(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>|
|Subject:||[PATCH v6] GSSAPI encryption support|
|Views:||Raw Message | Whole Thread | Download mbox|
Here's yet another version of GSSAPI encryption support. It's also
available for viewing on my github:
Let me hit the highlights of this time around:
- Fallback code is back! It's almost unchanged from early versions of
this patchset. Corresponding doc changes for this and the next item
are of course included.
- Minor protocol change. I did not realize that connection parameters
were not read until after auth was complete, which means that in this
version I go back to sending the AUTH_REQ_OK in the clear. Though I
found this initially irritating since it required re-working the
should_crypto conditions, it ends up being a net positive since I can
trade a library call for a couple variables.
- Client buffer flush on completion of authentication. This should
prevent the issue with the client getting unexpected message type of
NUL due to encrypted data not getting decrypted. I continue to be
unable to replicate this issue, but since the codepath triggers in the
"no data buffered case" all the math is sound. (Famous last words I'm
- Code motion is its own patch. This was requested and hopefully
clarifies what's going on.
- Some GSSAPI authentication fixes have been applied. I've been staring
at this code too long now and writing this made me feel better. If it
should be a separate change that's fine and easy to do.
|Next Message||Robert Haas||2016-03-08 22:45:58||fun with "Ready for Committer" patches|
|Previous Message||Oleg Bartunov||2016-03-08 22:30:10||Re: SP-GiST support for inet datatypes|