authorHeikki Linnakangas2024-04-07 23:49:37 +0000
committerHeikki Linnakangas2024-04-07 23:49:37 +0000
commit705843d294d5d3bc5cce4001596df4df5f1c8b59 (patch)
tree383337ffbcc0346ee4a084c611d65e8930ceeb8f /src/backend/tcop/backend_startup.c
parent20f9b61cc1926775b1ceb25196df942efaf8bdd2 (diff)
Enhance libpq encryption negotiation tests with new GUC
The new "log_connection_negotiation" server option causes the server to print messages to the log when it receives a SSLRequest or GSSENCRequest packet from the client. Together with "log_connections", it gives a trace of how a connection and encryption is negotiated. Use the option in the libpq_encryption test, to verify in more detail how libpq negotiates encryption with different gssencmode and sslmode options. This revealed a couple of cases where libpq retries encryption or authentication, when it should already know that it cannot succeed. I marked them with XXX comments in the test tables. They only happen when the connection was going to fail anyway, and only with rare combinations of options, so they're not serious. Discussion: https://www.postgresql.org/message-id/CAEze2Wja8VUoZygCepwUeiCrWa4jP316k0mvJrOW4PFmWP0Tcw@mail.gmail.com
Diffstat (limited to 'src/backend/tcop/backend_startup.c')
-rw-r--r--src/backend/tcop/backend_startup.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/backend/tcop/backend_startup.c b/src/backend/tcop/backend_startup.c
index 0b9f899cd8b..64df3ff32a2 100644
--- a/src/backend/tcop/backend_startup.c
+++ b/src/backend/tcop/backend_startup.c
@@ -37,6 +37,9 @@
#include "utils/ps_status.h"
#include "utils/timeout.h"
+/* GUCs */
+bool Trace_connection_negotiation = false;
+
static void BackendInitialize(ClientSocket *client_sock, CAC_state cac);
static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done);
static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options);
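Review bot: The `/* GUCs */` comment does not say which setting backs `Trace_connection_negotiation`, and the commit description calls the option "log_connection_negotiation", so the variable and the option differ in prefix. A comment that names the setting and its purpose would help, e.g. `/* GUC: log how SSLRequest/GSSENCRequest packets are answered (debugging aid) */`. The GUC registration is not part of this file's diff, so the actual option name should be confirmed there.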
@@ -474,6 +477,16 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
SSLok = 'N'; /* No support for SSL */
#endif
+ if (Trace_connection_negotiation)
+ {
+ if (SSLok == 'S')
+ ereport(LOG,
+ (errmsg("SSLRequest accepted")));
+ else
+ ereport(LOG,
+ (errmsg("SSLRequest rejected")));
+ }
+
retry1:
if (send(port->sock, &SSLok, 1, 0) != 1)
{
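Review bot: "SSLRequest accepted" is logged where `SSLok` has just been chosen, before the `send()` under `retry1:` delivers the reply byte and before any TLS handshake, so the line records only the answer the server is about to give. Someone reading the log for evidence that a session was encrypted could take it for more than that. A comment above the block such as `/* Logs the reply we are about to send; the handshake has not started and may still fail. */` would make the meaning explicit. The same applies to the GSSENCRequest block in the next hunk. ProcessStartupPacket begins and ends outside this hunk.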
@@ -519,6 +532,16 @@ retry1:
GSSok = 'G';
#endif
+ if (Trace_connection_negotiation)
+ {
+ if (GSSok == 'G')
+ ereport(LOG,
+ (errmsg("GSSENCRequest accepted")));
+ else
+ ereport(LOG,
+ (errmsg("GSSENCRequest rejected")));
+ }
+
while (send(port->sock, &GSSok, 1, 0) != 1)
{
if (errno == EINTR)
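Review bot: The two `errmsg()` calls here, and the two in the SSLRequest hunk above, mark developer trace text for translation, while the commit description suggests the libpq_encryption test checks these log lines. `errmsg_internal()` is the usual choice for messages of this kind, e.g. `ereport(LOG, (errmsg_internal("GSSENCRequest accepted")));`, and it keeps the text identical under any lc_messages setting. The enclosing function continues outside the hunk.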