Skip to content

Fix SSL direct mode connection failure with sslsni parameter #9537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
akshay-joshi merged 1 commit into from
Jan 14, 2026
Merged

Fix SSL direct mode connection failure with sslsni parameter #9537

akshay-joshi merged 1 commit into from
Jan 14, 2026
+4 −0

Conversation

@jhf
Copy link
Contributor

@jhf jhf commented Jan 13, 2026
edited
Loading

🚨 Impact

SSL direct mode is completely broken when using the sslsni parameter with PostgreSQL 14+ servers. Connections fail with SSL error: unexpected eof while reading.

This affects any user attempting to use PGSSLSNI=1 (Server Name Indication) with direct SSL negotiation mode.

Summary

Fixes the sslsni connection parameter handling by converting boolean values to integers before passing to libpq.

Problem

The sslsni parameter is stored as a boolean (true/false) in the UI and database, but libpq requires integer values (1/0) for this parameter. When a boolean value is passed to libpq, it results in SSL connection failures.

Error:

connection to server at "host", port 5432 failed: SSL error: unexpected eof while reading

Solution

Added boolean-to-integer conversion in web/pgadmin/utils/driver/psycopg3/server_manager.py when creating the connection string. This ensures libpq receives the expected integer format.

The conversion happens in create_connection_string() method, right before parameters are passed to make_conninfo():

# Convert boolean connection parameters to integer for libpq compatibility
if key in ('sslcompression', 'sslsni'):
    value = 1 if value else 0

Changes

  • Modified: web/pgadmin/utils/driver/psycopg3/server_manager.py (+4 lines)
  • Converts boolean connection parameters to integers when building the connection string
  • Handles both sslcompression and sslsni parameters consistently

Testing

✅ Tested locally with pgAdmin 4 v9.11 on macOS
✅ Verified connection succeeds with PGSSLSNI=1 after fix
✅ Applied as hotfix and confirmed working in production environment

Test case:

  • PostgreSQL 14+ server requiring SNI
  • Connection parameters: sslmode=require, sslnegotiation=direct, sslsni=1
  • Result: Connection succeeds ✓

Related

  • Affects PostgreSQL 14+ servers (sslsni requires min_server_version: '14')
  • Aligns with libpq's expectation of integer values for boolean SSL parameters
  • Low risk change: 4 lines, narrow scope, well-tested

Request for Expedited Review

This is a minimal, critical fix (4 lines) that unblocks SSL direct mode functionality. Given the severity and low risk, requesting inclusion in pgAdmin 9.12.

Summary by CodeRabbit

  • Bug Fixes
    • Fixed SSL compression and SNI parameter handling for PostgreSQL connections using the psycopg3 driver.

@coderabbitai
Copy link

coderabbitai bot commented Jan 13, 2026
edited
Loading

Walkthrough

The change adds runtime conversion of two boolean connection parameters (sslcompression and sslsni) to integers (1 for True, 0 for False) during DSN construction in the psycopg3 server manager, addressing type compatibility requirements of the psycopg3 driver.

Changes

Cohort / File(s) Summary
Boolean parameter conversion for psycopg3 DSN
web/pgadmin/utils/driver/psycopg3/server_manager.py		 Converts boolean values for sslcompression and sslsni parameters to integers within create_connection_string method during DSN argument building

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • akshay-joshi
🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check ❓ Inconclusive The title focuses on 'SSL direct mode connection failure' but the PR objective clarifies the core issue is boolean-to-integer conversion of the sslsni parameter for libpq compatibility, not specifically a 'direct mode' failure. Consider revising the title to more directly reference the root cause: boolean-to-integer conversion for sslsni parameter (e.g., 'Convert sslsni boolean parameter to integer for libpq compatibility').
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 13, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74c8b2d and 57cc6e1.

📒 Files selected for processing (1)
  • web/pgadmin/browser/server_groups/servers/__init__.py

@jhf
Fix sslsni boolean to integer conversion for libpq compatibility
7a83806 
The sslsni connection parameter was being stored as a boolean (true/false)
in the database, but libpq expects integer values (1/0) for this parameter.
When a boolean value was passed to libpq, it resulted in SSL connection
failures with 'unexpected eof while reading' errors.

This fix converts boolean connection parameters (sslcompression, sslsni) to
integers when creating the connection string in server_manager.py, ensuring
libpq receives the expected integer format.

Fixes connection issues when using PGSSLSNI=1 with PostgreSQL 14+ servers.
@jhf jhf force-pushed the fix/sslsni-boolean-conversion branch from 57cc6e1 to 7a83806 Compare January 13, 2026 15:10
@jhf jhf changed the title Fix sslsni boolean to integer conversion for libpq compatibility Fix SSL direct mode connection failure with sslsni parameter Jan 13, 2026
@akshay-joshi akshay-joshi merged commit 402ddaf into pgadmin-org:master Jan 14, 2026
36 of 37 checks passed
@jhf jhf deleted the fix/sslsni-boolean-conversion branch January 14, 2026 08:47
@rsbssbno
Copy link

rsbssbno commented Jan 14, 2026

would be supernice to get this fix !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jhf @rsbssbno @akshay-joshi