Hi,
Yes, libpq patch solved our problem.
Before patch:
psql -h myserver -U myuser -d postgres
psql: error: FATAL: no pg_hba.conf entry for host "ip", user "myuser", database "postgres", SSL off
FATAL: no pg_hba.conf entry for host "ip", user "myuser", database "postgres", SSL off
With patched libpq:
$ psql -h myserver -U myuser -d postgres
Password for user myuser:
psql (13.1)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
Best regards,
Peter Svensson, SMHI
Från: Tom Lane <tgl@sss.pgh.pa.us>
Skickat: den 26 december 2020 23:06
Till: Stephen Frost
Kopia: Gustavsson Mikael; Magnus Hagander; Kyotaro Horiguchi; pgsql-general@postgresql.org; Svensson Peter
Ämne: Re: Problem with ssl and psql in Postgresql 13
Here's a draft patch for the libpq-side issues. The core of the
fix is to get rid of pqsecure_open_gss's clearing of allow_ssl_try,
and instead check whether GSS encryption is already enabled before
we try to enable SSL. While I was at it I also fixed the places
where we drop an attempted GSS connection: they should set
need_new_connection = true rather than incompletely doing it for
themselves. Notably that coding misses resetting auth_req_received
and password_needed; the consequences of that are minor but not zero.
There are things to fix on the server side, and the documentation
needs work, but this should be enough to solve Mikael's problem
if he's in a position to apply the patch locally.
regards, tom lane