Description
in postgres Documentation
sslmode
This option determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server. There are six modes:
    disable: only try a non-SSL connection
    allow: first try a non-SSL connection; if that fails, try an SSL connection
    prefer (default): first try an SSL connection; if that fails, try a non-SSL connection
VERSION:
I'm using pgx/v4 v4.16.1
Detail:
When using sslmode=allow to establish a connection, according to the documentation, it should first try to establish a non-ssl connection and then try to establish an ssl connection after failure.
In the implementation, the ConnectConfig function will handle some special errors to skip subsequent retries.
    for _, fc := range fallbackConfigs {
        pgConn, err = connect(ctx, config, fc)
        if err == nil {
            break
        } else if pgerr, ok := err.(*PgError); ok {
            err = &connectError{config: config, msg: "server error", err: pgerr}
            const ERRCODE_INVALID_PASSWORD = "28P01"                    // wrong password
            const ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION = "28000" // wrong password or bad pg_hba.conf settings
            const ERRCODE_INVALID_CATALOG_NAME = "3D000"                // db does not exist
            const ERRCODE_INSUFFICIENT_PRIVILEGE = "42501"              // missing connect privilege
            if pgerr.Code == ERRCODE_INVALID_PASSWORD ||
                pgerr.Code == ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION ||
                pgerr.Code == ERRCODE_INVALID_CATALOG_NAME ||
                pgerr.Code == ERRCODE_INSUFFICIENT_PRIVILEGE {
                break
            }
        }
    }
When the previous attempt triggers a bad pg_hba.conf settings error, there will be no subsequent retries, but in actual use, occasionally it is necessary to set pg_hba.conf to block all non-ssl connections, and the client in allow mode will be unusable at this time.
Is there any way that can be used in this scenario? Or should it not break on the ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION error?
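The behaviour reported above, as an added illustration (not pgx's code and not part of the original report): a standard-library Go model of the quoted retry loop, run against a simulated server whose pg_hba.conf accepts only SSL connections. The names `attempts`, `hostsslOnly`, `dial` and `pgError` are hypothetical, and `require` is assumed to make a single TLS attempt.

```go
package main

import "fmt"

// pgError is a hypothetical stand-in for a server error carrying a SQLSTATE.
type pgError struct{ Code string }
func (e *pgError) Error() string { return "server error " + e.Code }

// Attempt order per sslmode as the quoted documentation describes it (true = TLS attempt).
var attempts = map[string][]bool{
	"disable": {false},
	"allow":   {false, true},
	"prefer":  {true, false},
	"require": {true}, // assumption: TLS only, no plaintext fallback
}

// hostsslOnly models a server that blocks all non-SSL connections in
// pg_hba.conf: a plaintext attempt is rejected with SQLSTATE 28000.
func hostsslOnly(tls bool) error {
	if tls {
		return nil
	}
	return &pgError{Code: "28000"}
}

// dial walks the attempts for a mode; a SQLSTATE present in stopOn ends the
// loop early. It reports success, whether TLS was used, and attempts made.
func dial(mode string, server func(bool) error, stopOn map[string]bool) (ok, usedTLS bool, tried int) {
	for _, tls := range attempts[mode] {
		tried++
		err := server(tls)
		if err == nil {
			return true, tls, tried
		}
		if pe, isPg := err.(*pgError); isPg && stopOn[pe.Code] {
			break
		}
	}
	return false, false, tried
}

func main() {
	quoted := map[string]bool{"28P01": true, "28000": true, "3D000": true, "42501": true}
	for _, m := range []string{"disable", "allow", "prefer", "require"} {
		ok, tls, n := dial(m, hostsslOnly, quoted)
		fmt.Printf("%-8s connected=%v tls=%v attempts=%d\n", m, ok, tls, n)
	}
}
```

In this model, `allow` stops after its first plaintext attempt, while `prefer` and `require` connect over TLS on the first try, so a client that must reach an SSL-only server can do so by starting with TLS.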