[pgpool-committers: 7176] pgpool: Deal with GSSAPI encrypted connection request from frontend.

Tatsuo Ishii ishii at sraoss.co.jp
Sat Oct 3 09:29:09 JST 2020


Deal with GSSAPI encrypted connection request from frontend.

If GSSAPI connection request comes from frontend, Pgpool-II responded
in inappropriate way.  For example,

psql: error: could not connect to server: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.

or even:
FATAL:  client authentication failed
DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database "", SSL off
(https://www.pgpool.net/pipermail/pgpool-general/2020-September/007353.html)

With this commit Pgpool-II responds better. i.e. replies back to
frontend with "we don't support GSSAPI" and expects that the frontend
falls back to SSL connection (if frontend's param: gssencmode=prefer
(default) and SSL is configure when Pgpool-II was built) or fals back
to non-SSL connection.

Patch by me, reviewed and tested by Umar Hayat.

Branch
------
V4_0_STABLE

Details
-------
https://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=db31d2c5fc35cc06e4d0be093f13219f0cc6f19d

Modified Files
--------------
src/protocol/child.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)



More information about the pgpool-committers mailing list