From 8dd1511e39acd729020e151deb15a958300ebff5 Mon Sep 17 00:00:00 2001
From: Stephen Frost
Date: Wed, 8 Jan 2020 10:57:09 -0500
Subject: [PATCH] Improve GSSAPI Encryption startup comment in libpq
The original comment was a bit confusing, pointed out by Alvaro Herrera.
Thread: https://postgr.es/m/20191224151520.GA16435%40alvherre.pgsql
---
 src/interfaces/libpq/fe-connect.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 3bd30482ecc..89b134665bf 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -2800,10 +2800,12 @@ keep_going: /* We will come back to here until there is
 #ifdef ENABLE_GSS
 /*
- * If GSSAPI is enabled and we have a credential cache, try to
- * set it up before sending startup messages. If it's already
- * operating, don't try SSL and instead just build the startup
- * packet.
+ * If GSSAPI encryption is enabled, then call
+ * pg_GSS_have_cred_cache() which will return true if we can
+ * acquire credentials (and give us a handle to use in
+ * conn->gcred), and then send a packet to the server asking
+ * for GSSAPI Encryption (and skip past SSL negotiation and
+ * regular startup below).
 */
 if (conn->try_gss && !conn->gctx)
 conn->try_gss = pg_GSS_have_cred_cache(&conn->gcred);
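Review bot: The rewritten comment no longer explains the `!conn->gctx` half of the condition on the `if` that closes the hunk, which the old text covered with "If it's already operating"; a reader now has to infer that the credential probe is skipped once a GSSAPI context exists. It also describes only the success path, while the assignment overwrites `conn->try_gss` with the probe result, so a failed credential lookup quietly turns off the GSSAPI encryption attempt and, presumably, lets the connection go on to SSL negotiation or regular startup. I would add a sentence such as `* If no credentials can be acquired, try_gss is cleared and we fall through to SSL negotiation / regular startup; the probe is skipped when conn->gctx is already set.` The code that sends the encryption request and the rest of the enclosing state-machine case lie outside the hunk, so the fall-through wording should be confirmed against them.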