[HACKERS] PostgreSQL not setting OpenSSL session id context?

From: Shay Rojansky
Subject: [HACKERS] PostgreSQL not setting OpenSSL session id context?
Msg-id: CADT4RqBU8N-csyZuzaook-c795dt22Zcwg1aHWB6tfVdAkodZA@mail.gmail.com
Responses: Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?  (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-hackers

Dear hackers, a long-standing issue reported by users of the Npgsql .NET driver for PostgreSQL may have its roots on the PostgreSQL side. I'm far from being an SSL/OpenSSL expert so please be patient if the terms/analysis are incorrect.

When trying to connect with Npgsql to PostgreSQL with client authentication (PG has ssl_ca_file set), the first connection works just fine. The second connection, however, fails and the PostgreSQL logs contain the message "session id context uninitialized". This occurs when using .NET's default SSL implementation, SslStream, which supports session resumption - the session connection's ClientHello message contains a session ticket from the first session, triggering the issue.

From some research, it seems that for session resumption/reuse to work, the SSL/TLS server must call SSL_CTX_set_session_id_context/and SSL_set_session_id_context with some arbitrary binary data, to distinguish between contexts/applications. A grep in the PostgreSQL source for "set_session_id_context" doesn't yield anything.

Can someone with more knowledge confirm whether an issue exists on the PostgreSQL side? If so, it seems completely trivial to fix this.

Thanks,

Shay
