Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit705843d

Browse files
committed
Enhance libpq encryption negotiation tests with new GUC
The new "log_connection_negotiation" server option causes the serverto print messages to the log when it receives a SSLRequest orGSSENCRequest packet from the client. Together with "log_connections",it gives a trace of how a connection and encryption isnegotiatated. Use the option in the libpq_encryption test, to verifyin more detail how libpq negotiates encryption with differentgssencmode and sslmode options.This revealed a couple of cases where libpq retries encryption orauthentication, when it should already know that it cannot succeed. Imarked them with XXX comments in the test tables. They only happenwhen the connection was going to fail anyway, and only with rarecombinations of options, so they're not serious.Discussion:https://www.postgresql.org/message-id/CAEze2Wja8VUoZygCepwUeiCrWa4jP316k0mvJrOW4PFmWP0Tcw@mail.gmail.com
1 parent20f9b61 commit705843d

File tree

3 files changed

+255
-159
lines changed

3 files changed

+255
-159
lines changed

‎src/backend/tcop/backend_startup.c

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,9 @@
3737
#include"utils/ps_status.h"
3838
#include"utils/timeout.h"
3939

40+
/* GUCs */
41+
boolTrace_connection_negotiation= false;
42+
4043
staticvoidBackendInitialize(ClientSocket*client_sock,CAC_statecac);
4144
staticintProcessStartupPacket(Port*port,boolssl_done,boolgss_done);
4245
staticvoidSendNegotiateProtocolVersion(List*unrecognized_protocol_options);
@@ -474,6 +477,16 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
474477
SSLok='N';/* No support for SSL */
475478
#endif
476479

480+
if (Trace_connection_negotiation)
481+
{
482+
if (SSLok=='S')
483+
ereport(LOG,
484+
(errmsg("SSLRequest accepted")));
485+
else
486+
ereport(LOG,
487+
(errmsg("SSLRequest rejected")));
488+
}
489+
477490
retry1:
478491
if (send(port->sock,&SSLok,1,0)!=1)
479492
{
@@ -519,6 +532,16 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
519532
GSSok='G';
520533
#endif
521534

535+
if (Trace_connection_negotiation)
536+
{
537+
if (GSSok=='G')
538+
ereport(LOG,
539+
(errmsg("GSSENCRequest accepted")));
540+
else
541+
ereport(LOG,
542+
(errmsg("GSSENCRequest rejected")));
543+
}
544+
522545
while (send(port->sock,&GSSok,1,0)!=1)
523546
{
524547
if (errno==EINTR)

‎src/backend/utils/misc/guc_tables.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,7 @@
9696

9797
/* XXX these should appear in other modules' header files */
9898
externboolLog_disconnections;
99+
externboolTrace_connection_negotiation;
99100
externintCommitDelay;
100101
externintCommitSiblings;
101102
externchar*default_tablespace;
@@ -1224,6 +1225,16 @@ struct config_bool ConfigureNamesBool[] =
12241225
false,
12251226
NULL,NULL,NULL
12261227
},
1228+
{
1229+
{"trace_connection_negotiation",PGC_POSTMASTER,DEVELOPER_OPTIONS,
1230+
gettext_noop("Log details of pre-authentication connection handshake."),
1231+
NULL,
1232+
GUC_NOT_IN_SAMPLE
1233+
},
1234+
&Trace_connection_negotiation,
1235+
false,
1236+
NULL,NULL,NULL
1237+
},
12271238
{
12281239
{"log_disconnections",PGC_SU_BACKEND,LOGGING_WHAT,
12291240
gettext_noop("Logs end of a session, including duration."),

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp