Re: [PATCH v3] GSSAPI encryption support

On Tue, Oct 20, 2015 at 3:01 AM, Robbie Harwood wrote:
> Stephen Frost <sfrost@snowman.net> writes:
>> psql: lost synchronization with server: got message type "S", length 22
>
> which unfortunately could be a great many things.  I've said this a
> couple times now, but I really do need more information - a traffic
> dump, a list of commands that were run, etc.; unfortunately, the surface
> here is pretty large, and while I totally am willing to believe there
> are bugs in the code I've written, I do not yet see them.

--- a/src/interfaces/libpq/fe-protocol3.c
+++ b/src/interfaces/libpq/fe-protocol3.c
@@ -129,6 +129,58 @@ pqParseInput3(PGconn *conn)                       return;               }

+#ifdef ENABLE_GSS
+               /* We want to be ready in both IDLE and BUSY states
for encryption */
+               if (id == 'g' && !conn->gss_disable_enc && conn->gctx)
+               {
+                       ssize_t encEnd, next;
[...]
+               }
+               else if (!conn->gss_disable_enc && conn->gss_auth_done &&
+                                !conn->gss_decrypted_cur && id != 'E')
+                       /* This could be a sync error, so let's handle
it as such. */
+                       handleSyncLoss(conn, id, msgLength);
+#endif

Hm. The out-of-sync error I am seeing in my environment is caused by
this block when parsing 'g' messages coming from the backend that are
considered as being GSSAPI-encrypted messages. I am still looking at
that...
-- 
Michael