If the client supports ALPN but tries to use some other protocol, like HTTPS, reject the connection in the server. That is surely a confusion of some sort. Furthermore, the ALPN RFC 7301 says: > In the event that the server supports no protocols that the client > advertises, then the server SHALL respond with a fatal > "no_application_protocol" alert. This commit makes the server follow that advice. In the client, specifically check for the OpenSSL error code for the "no_application_protocol" alert. Otherwise you got a cryptic "SSL error: SSL error code 167773280" error if you tried to connect to a non-PostgreSQL server that rejects the connection with "no_application_protocol". ERR_reason_error_string() returns NULL for that code, which frankly seems like an OpenSSL bug to me, but we can easily print a better message ourselves. Reported-by: Jacob Champion Discussion: https://www.postgresql.org/message-id/6aedcaa5-60f3-49af-a857-2c76ba55a1f3@iki.fi |
||
---|---|---|
.. | ||
po | ||
t | ||
test | ||
.gitignore | ||
Makefile | ||
README | ||
exports.txt | ||
fe-auth-sasl.h | ||
fe-auth-scram.c | ||
fe-auth.c | ||
fe-auth.h | ||
fe-cancel.c | ||
fe-connect.c | ||
fe-exec.c | ||
fe-gssapi-common.c | ||
fe-gssapi-common.h | ||
fe-lobj.c | ||
fe-misc.c | ||
fe-print.c | ||
fe-protocol3.c | ||
fe-secure-common.c | ||
fe-secure-common.h | ||
fe-secure-gssapi.c | ||
fe-secure-openssl.c | ||
fe-secure.c | ||
fe-trace.c | ||
legacy-pqsignal.c | ||
libpq-events.c | ||
libpq-events.h | ||
libpq-fe.h | ||
libpq-int.h | ||
meson.build | ||
nls.mk | ||
pg_service.conf.sample | ||
pqexpbuffer.c | ||
pqexpbuffer.h | ||
pthread-win32.c | ||
win32.c | ||
win32.h |
README
src/interfaces/libpq/README This directory contains the C version of Libpq, the POSTGRES frontend library.