-
Notifications
You must be signed in to change notification settings - Fork 808
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
connect_timeout is not obeyed for sslmode=allow|prefer #1672
Labels
Comments
I think that would work. |
smaher-edb
added a commit
to smaher-edb/pgconn
that referenced
this issue
Jul 13, 2023
connect_timeout given in conn string was not obeyed if sslmode is not specified or equals sslmode=allow|prefer. It took twice the amount of time specified by connect_timeout in conn string. While this behavior is correct if multi-host is provided in conn string, it doesn't look correct in case of single host. This behavior was also not matching with libpq. Ref: [1672](jackc/pgx#1672)
smaher-edb
added a commit
to smaher-edb/pgx
that referenced
this issue
Jul 13, 2023
connect_timeout given in conn string was not obeyed if sslmode is not specified (default is prefer) or equals sslmode=allow|prefer. It took twice the amount of time specified by connect_timeout in conn string. While this behavior is correct if multi-host is provided in conn string, it doesn't look correct in case of single host. This behavior was also not matching with libpq. The root cause was to implement sslmode=allow|prefer conn are tried twice. First with TLSConfig and if that doesn't work then without TLSConfig. The fix for this issue now uses the same context if same host is being tried out. This change won't affect the existing multi-host behavior. This PR goal is to close issue [jackc/issues/1672](jackc#1672)
jackc
pushed a commit
to jackc/pgconn
that referenced
this issue
Jul 15, 2023
connect_timeout given in conn string was not obeyed if sslmode is not specified or equals sslmode=allow|prefer. It took twice the amount of time specified by connect_timeout in conn string. While this behavior is correct if multi-host is provided in conn string, it doesn't look correct in case of single host. This behavior was also not matching with libpq. Ref: [1672](jackc/pgx#1672)
jackc
pushed a commit
that referenced
this issue
Jul 15, 2023
connect_timeout given in conn string was not obeyed if sslmode is not specified (default is prefer) or equals sslmode=allow|prefer. It took twice the amount of time specified by connect_timeout in conn string. While this behavior is correct if multi-host is provided in conn string, it doesn't look correct in case of single host. This behavior was also not matching with libpq. The root cause was to implement sslmode=allow|prefer conn are tried twice. First with TLSConfig and if that doesn't work then without TLSConfig. The fix for this issue now uses the same context if same host is being tried out. This change won't affect the existing multi-host behavior. This PR goal is to close issue [/issues/1672](#1672)
LGTM - merged both. |
Thanks @jackc. Not sure what is the standard release cycle/date but as we currently need this in |
Just released pgconn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
connect_timeout
given in conn string is not obeyed ifsslmode
is not specified or equalssslmode=allow|prefer
. It takes twice the amount specified byconnect_timeout
in conn string. While this behavior is correct ifmulti-host
is provided in conn string, it doesn't look correct in case of single host. This behavior is also not matching with libpq (example given below).To Reproduce
Steps to reproduce the behavior:
Output
Without
sslmode
it takes4s
instead of2s
.If
sslmode=require
is provided in connection string it correctly takes2s
.Expected behavior
Expectation is to match the behavior of
libpq/psql
.Actual behavior
When connection string has single host and no
sslmode
specified (orsslmode=allow
orprefer
) thenconnect_timeout
given in connection string should be obeyed. Currently, it is taking two times that value. It seems to be happening because to implement these 2 sslmode, code correctly tries to connect to the server first withTLSConfig
and if it fails then withoutTLSConfig
. However, while doing thisconnect_timeout
should still be obeyed. Otherwise it increases the actual timeout by multiple of 2. (most of the time when timeout error occurs it is expected to fail with or without TLSConfig)In case of
multi-host
(-d "host=host1,host2 ..."
), this behavior is correct as it is also given here.However, it doesn't look ok if single host is provided and
sslmode
is not specified (default isprefer
).libpq
behavior in this case is also different thanmulti-host
behavior (example given above).Version
go version go1.20.4 darwin/amd64
PostgreSQL 14.8 on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
require github.com/jackc/pgx/v4 v4.18.11
Additional context
I think this behavior got introduced because the code path for supporting
multi-host
as well assslmode=allow|prefer
is same. Both of them seems to be usingfallbackConfig
.With following temporary fix it seems to be working fine. However, not sure whether it is the correct way to do it.
The text was updated successfully, but these errors were encountered: