Обсуждение: expected authentication request from server, but received H
One of our users reports getting the error message "expected authentication request from server, but received H" when trying to connect to the database. I have confirmed that they do indeed connect to the database and not some other service and in Wireshark it looks like the TLS handshake succeeds. Server is PostgreSQL 15.7 (Ubuntu 15.7-1.pgdg22.04+1) I haven't been able to find out what client version they are using yet, but I suspect it's quite old. We've been on 15.x for quite a while now and it did work until at least a month ago, so I wouldn't expect an incompatible protocol change, however, I think the upgrade from 15.6 to 15.7 was just last week, so maybe something changed between these minor versions? I'm especially intrigued by "received H". According to https://www.postgresql.org/docs/current/protocol-message-formats.html Byte1('H') could mark a Copy Out response or a Flush command. Both don't make sense in that context. hp -- _ | Peter J. Holzer | Story must make more sense than reality. |_|_) | | | | | hjp@hjp.at | -- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!"
Вложения
"Peter J. Holzer" <hjp-pgsql@hjp.at> writes: > One of our users reports getting the error message > "expected authentication request from server, but received H" > when trying to connect to the database. That's very bizarre, and I don't recall any similar reports in the recent past. > Server is PostgreSQL 15.7 (Ubuntu 15.7-1.pgdg22.04+1) > I haven't been able to find out what client version they are using yet, > but I suspect it's quite old. It would definitely be interesting to find out what the client-side code is, including the openssl version being used. > We've been on 15.x for quite a while now and it did work until at least > a month ago, so I wouldn't expect an incompatible protocol change, > however, I think the upgrade from 15.6 to 15.7 was just last week, so > maybe something changed between these minor versions? A look at the release notes doesn't suggest that anything was changed in that area. But I wonder if your new build could differ in some other relevant way, such as being linked to a newer openssl version. > I'm especially intrigued by "received H". According to > https://www.postgresql.org/docs/current/protocol-message-formats.html > Byte1('H') could mark a Copy Out response or a Flush command. Both don't > make sense in that context. Yeah, that couldn't be a valid message type byte here. I guess that either (a) the TLS stuff is going wrong and delivering garbage data, or (b) libpq is somehow out of sync with the server, such that it's taking a data byte as a message type byte. I found a description of an ancient instance of (b) here: https://www.postgresql.org/message-id/flat/CAAZKuFaxdPccCs9%2B2hTbMM5iwPZP6C494sAVz6qZhOPcYSGkTQ%40mail.gmail.com Of course we fixed that a dozen years ago, and anyway that particular problem required a server that is in dire straits. regards, tom lane
On 2024-05-23 17:23:14 -0400, Tom Lane wrote: > "Peter J. Holzer" <hjp-pgsql@hjp.at> writes: > > One of our users reports getting the error message > > "expected authentication request from server, but received H" > > when trying to connect to the database. > > That's very bizarre, and I don't recall any similar reports in the > recent past. > > > Server is PostgreSQL 15.7 (Ubuntu 15.7-1.pgdg22.04+1) > > I haven't been able to find out what client version they are using yet, > > but I suspect it's quite old. > > It would definitely be interesting to find out what the client-side > code is, including the openssl version being used. They have psqlODBC 9.3 and 13.2 on a 64-bit Windows platform (probably Windows 10). The problem occurs with both. I tried to replicate it with psqlODBC 13.0 and couldn't. OpenSSL is bundled with psqlODBC, AFAICS. For 13.0 that would be 1.1.1.8 (hmm, that doesn't look like an OpenSSL version. Would that be 1.1.1h in Linux terms?). But the fact that it happens with two very different versions but I can't replicate it with one in between (and quite close to one of them) makes it unlikely (IMHO) to be just version related. There must be something else going on. I've asked them (their IT department, not the user) to try to disable any anti-virus software. That's a bit of a reach, but always a possibility if something behaves weirdly on Windows. hp -- _ | Peter J. Holzer | Story must make more sense than reality. |_|_) | | | | | hjp@hjp.at | -- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!"
Вложения
On 5/27/24 14:19, Peter J. Holzer wrote: > On 2024-05-23 17:23:14 -0400, Tom Lane wrote: >> "Peter J. Holzer" <hjp-pgsql@hjp.at> writes: >>> One of our users reports getting the error message >>> "expected authentication request from server, but received H" >>> when trying to connect to the database. >> >> That's very bizarre, and I don't recall any similar reports in the >> recent past. >> >>> Server is PostgreSQL 15.7 (Ubuntu 15.7-1.pgdg22.04+1) >>> I haven't been able to find out what client version they are using yet, >>> but I suspect it's quite old. >> >> It would definitely be interesting to find out what the client-side >> code is, including the openssl version being used. > > They have psqlODBC 9.3 and 13.2 on a 64-bit Windows platform (probably > Windows 10). The problem occurs with both. I tried to replicate it with > psqlODBC 13.0 and couldn't. Just to be clear that is 9.03 and 13.02. > > OpenSSL is bundled with psqlODBC, AFAICS. For 13.0 that would be 1.1.1.8 > (hmm, that doesn't look like an OpenSSL version. Would that be 1.1.1h in > Linux terms?). But the fact that it happens with two very different > versions but I can't replicate it with one in between (and quite close The only thing I could find that relates to SSL directly in the move from 13.00 --> 13.02 is: https://github.com/postgresql-interfaces/psqlodbc/commit/4eaa430e3ef06162a5655dc7baff9be40f2e1cce Which happened at 13.01. > to one of them) makes it unlikely (IMHO) to be just version related. > There must be something else going on. I've asked them (their IT > department, not the user) to try to disable any anti-virus software. > That's a bit of a reach, but always a possibility if something behaves > weirdly on Windows. > > hp > -- Adrian Klaver adrian.klaver@aklaver.com