You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To initiate an SSL-encrypted connection, the frontend initially sends an SSLRequest message rather than a StartupMessage. The server then responds with a single byte containing S or N, indicating that it is willing or unwilling to perform SSL, respectively.
My understanding of the issue is therefore:
Proxy listens for a message to the backend p.backend.ReceiveStartupMessage().
Backend gets startup message, determines it's a SSLRequest and forward it to the frontend (PG Server). p.frontend.Send(msg)
Proxy listens for a message from the frontend p.frontend.Receive()
PG Server sends a 1 byte message S
Proxy continues to listen because Receive() calls header, err := f.cr.Next(5) i.e. it waits for 5 bytes to be received and it has only received 1 byte.
Step 5 being the problem.
Questions:
Is this library supposed to support SSL connections?
If yes, am I correct in my understanding that it's currently broken?
if yes, should I try to fix it and send you a PR? Any thoughts on how you would prefer I do this? (can't guarantee I will be successful)
The text was updated successfully, but these errors were encountered:
pgproto3 has support for TLS (see ssl_request), but pgmockproxy is not handling the SSLRequest.
Since pgmockproxy is just a simple testing proxy, you could connect with sslmode=disable. If you would like to add TLS support for the proxy, you would need to determine the type of message returned by ReceiveStartupMessage() and handle it appropriately, e.g. returning S or N and setting up a TLS conn. HTH.
@yulicrunchy thank you 馃檹 in retrospect it's funny this didn't occur to me. Naturally I would have to do TLS termination in the proxy to be able to read the queries the user is sending 馃う
I guess I wonder how I will set up a TLS connection to the remote though because of the f.cr.Next(5) though?
Hi 馃憢,
Sorry if this question has an obvious answer. I have no experience with GO nor the PG wire protocol.
But I've had some trouble running https://github.com/jackc/pgmock/tree/master/pgmockproxy and think I've figured out why.
Behaviour:
Debugging:
I found the following in the PG docs:
My understanding of the issue is therefore:
p.backend.ReceiveStartupMessage()
.p.frontend.Send(msg)
p.frontend.Receive()
header, err := f.cr.Next(5)
i.e. it waits for 5 bytes to be received and it has only received 1 byte.Step 5 being the problem.
Questions:
The text was updated successfully, but these errors were encountered: