Обсуждение: BUG #14432: sslmode=allow causing authentication to time out
VGhlIGZvbGxvd2luZyBidWcgaGFzIGJlZW4gbG9nZ2VkIG9uIHRoZSB3ZWJz aXRlOgoKQnVnIHJlZmVyZW5jZTogICAgICAxNDQzMgpMb2dnZWQgYnk6ICAg ICAgICAgIEFubnVuemlhdG8gVG9jY2kKRW1haWwgYWRkcmVzczogICAgICBu dW56aW90b2NjaTIwMDBAZ21haWwuY29tClBvc3RncmVTUUwgdmVyc2lvbjog OS42LjEKT3BlcmF0aW5nIHN5c3RlbTogICBGZWRvcmEgMjQsIDY0LWJpdApE ZXNjcmlwdGlvbjogICAgICAgIAoKSSBoYXZlIGEgcHJvamVjdCB0aGF0IGV4 cG9zZXMgYSBkYXRhYmFzZSB3aXRoIGFuIEFQSSwgYW5kIG15IHRlc3Qgc3Vp dGVzCmhhdmUgYSBwcm9ibGVtDQoNCkkgc2VuZCAxMDAgbG9naW4gcmVxdWVz dHMgdG8gUG9zdGdyZVNRTCwgYW5kIDItMyBvZiB0aGVtIGNvbWUgYmFjayAy IG1pbnV0ZXMKbGF0ZXIgc2F5aW5nICJzZXJ2ZXIgY2xvc2VkIHRoZSBjb25u ZWN0aW9uIHVuZXhwZWN0ZWRseSIsIGFuZCB0aGUgc2VydmVyCmxvZ3Mgc2F5 ICJjYW5jZWxpbmcgYXV0aGVudGljYXRpb24gZHVlIHRvIHRpbWVvdXQiLg0K DQpJdCBpcyByZXByb2R1Y2libGUgb24gTGludXggc3lzdGVtcywgYnV0IEkg aGF2ZW4ndCB5ZXQgdGVzdGVkIDkuNiBvbiBtYWNPUwpvciBXaW5kb3dzIDEw Lg0KDQpJIHRyYWNrZWQgaXQgZG93biB0byBzc2xtb2RlPWFsbG93LiBUaGUg YmVsb3cgc2NyaXB0IHJlcHJvZHVjZXMgdGhlCnByb2JsZW0uDQoNCiMgdGhp cyBvbmx5IHNheXMgInRvbyBtYW55IGNsaWVudHMiDQokIC4vdGVzdC5zaCBk aXNhYmxlIA0KDQojIHRoaXMgc2F5cyAidG9vIG1hbnkgY2xpZW50cyIsIGlu dGVyc3BlcnNlZCB3aXRoICJzZXJ2ZXIgY2xvc2VkIHRoZQpjb25uZWN0aW9u IHVuZXhwZWN0ZWRseSIgZXJyb3JzLCBidXQgdGhlIGxvZ3MgZG9uJ3Qgc2F5 ICJjYW5jZWxpbmcKYXV0aGVudGljYXRpb24gZHVlIHRvIHRpbWVvdXQiDQok IC4vdGVzdC5zaCBhbGxvdw0KDQpJIGJlbGlldmUgaXQgaXMgdGhlIHNhbWUg dW5kZXJseWluZyBwcm9ibGVtLCBidXQgdGhlcmUgYXJlIHNsaWdodGx5CmRp ZmZlcmVudCBlcnJvcnMgYXMgZGVzY3JpYmVkIGFib3ZlLg0KDQpCZWdpbiBz Y3JpcHQ6DQpgYGANCiMhL2Jpbi9zaA0KDQpybSAtcmYgZGF0YV90ZXN0DQoN CmluaXRkYiAtRCBkYXRhX3Rlc3QgLUUgVVRGOCAtVSBwb3N0Z3Jlcw0KZWNo byAidW5peF9zb2NrZXRfZGlyZWN0b3JpZXM9Jy90bXAnIiA+PiBkYXRhX3Rl c3QvcG9zdGdyZXNxbC5jb25mDQoNCnBnX2N0bCBzdGFydCAtRCBkYXRhX3Rl c3QgLW8gIi1wIDU0MzEiDQpzbGVlcCAzDQpwc3FsIC1VIHBvc3RncmVzIC1o IDEyNy4wLjAuMSAtcCA1NDMxIHBvc3RncmVzIC0xYyAiQUxURVIgUk9MRSBw b3N0Z3JlcwpQQVNTV09SRCAncGFzc3dvcmQnOyINCnBnX2N0bCBzdG9wIC1E IGRhdGFfdGVzdA0KDQpjcCBkYXRhX3Rlc3QvcGdfaGJhLmNvbmYgZGF0YV90 ZXN0L3BnX2hiYS5iYWsNCnNlZCAtZSAnL3RydXN0L3MvMzIgICAgICAgICAg ICB0cnVzdC8zMiAgICAgICAgICAgIG1kNS9nJyA8CmRhdGFfdGVzdC9wZ19o YmEuYmFrID4gZGF0YV90ZXN0L3BnX2hiYS5jb25mDQplY2hvICJob3N0ICAg IGFsbCAgICAgICAgICAgICBhbGwgICAgICAgICAgICAgMTkyLjE2OC4wLjAv MTYgICAgICAgICAgICBtZDUiCj4+IGRhdGFfdGVzdC9wZ19oYmEuY29uZg0K DQpwZ19jdGwgc3RhcnQgLUQgZGF0YV90ZXN0IC1vICItcCA1NDMxIC1OIDEw MDAiDQpzbGVlcCAzDQpwaWRzPSIiDQplY2hvICIxMjcuMC4wLjE6NTQzMTpw b3N0Z3Jlczpwb3N0Z3JlczpwYXNzd29yZCIgPiAuL3BncGFzcw0KY2htb2Qg MDYwMCAuL3BncGFzcw0KZXhwb3J0IFBHUEFTU0ZJTEU9Ii4vcGdwYXNzIg0K Zm9yIGkgaW4gYHNlcSAxIDEwMDAwYDsgZG8NCgkjZWNobyAibG9vcCAkaSIN Cglwc3FsICJob3N0PTEyNy4wLjAuMSBkYm5hbWU9cG9zdGdyZXMgcG9ydD01 NDMxIHNzbG1vZGU9IiQxIiB1c2VyPXBvc3RncmVzIgotMWMgIlNFTEVDVCAn dGVzdCcsIHBnX3NsZWVwKDUpOyIgPiAvZGV2L251bGwgJg0KCXBpZHM9IiRw aWRzICQhIg0KZG9uZQ0Kd2FpdCAkcGlkcw0KcGdfY3RsIHN0b3AgLUQgZGF0 YV90ZXN0DQpgYGAKCg==
nunziotocci2000@gmail.com writes: > I send 100 login requests to PostgreSQL, and 2-3 of them come back 2 minutes > later saying "server closed the connection unexpectedly", and the server > logs say "canceling authentication due to timeout". FWIW, I couldn't reproduce this (using RHEL6, don't have a Fedora installation at the moment). > I tracked it down to sslmode=allow. The below script reproduces the > problem. Since you haven't done anything to enable SSL in your test server, sslmode=allow shouldn't have any effect except to allow libpq to retry a failed connection attempt one time. libpq is pretty simple-minded about that and will retry no matter what the specific error report is, in particular it would do so for "too many clients". So basically this ought to just increase the number of "too many clients" failures you get. I wonder whether you are running into kernel resource limits like number of processes or number of open files. I was able to get some "fork failed: Resource temporarily unavailable" type errors if I pushed max_connections high enough, but no unexpected behavior. regards, tom lane