Improve GSSAPI Encryption startup comment in libpq

author Stephen Frost <sfrost@snowman.net>

Wed, 8 Jan 2020 15:57:09 +0000 (10:57 -0500)

committer Stephen Frost <sfrost@snowman.net>

Wed, 8 Jan 2020 15:57:09 +0000 (10:57 -0500)
author Stephen Frost <sfrost@snowman.net>
Wed, 8 Jan 2020 15:57:09 +0000 (10:57 -0500)
committer Stephen Frost <sfrost@snowman.net>
Wed, 8 Jan 2020 15:57:09 +0000 (10:57 -0500)
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c

index 3bd30482ecc447e8fa1b71ad13e4688bf7438939..89b134665bf72839ef73dd1d1b2fbea5b62ed002 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -2800,10 +2800,12 @@ keep_going:                     /* We will come back to here until there is
  #ifdef ENABLE_GSS
  
                 /*
-                * If GSSAPI is enabled and we have a credential cache, try to
-                * set it up before sending startup messages.  If it's already
-                * operating, don't try SSL and instead just build the startup
-                * packet.
+                * If GSSAPI encryption is enabled, then call
+                * pg_GSS_have_cred_cache() which will return true if we can
+                * acquire credentials (and give us a handle to use in
+                * conn->gcred), and then send a packet to the server asking
+                * for GSSAPI Encryption (and skip past SSL negotiation and
+                * regular startup below).
                  */
                 if (conn->try_gss && !conn->gctx)
                     conn->try_gss = pg_GSS_have_cred_cache(&conn->gcred);
author	Stephen Frost <sfrost@snowman.net>
	Wed, 8 Jan 2020 15:57:09 +0000 (10:57 -0500)
committer	Stephen Frost <sfrost@snowman.net>
	Wed, 8 Jan 2020 15:57:09 +0000 (10:57 -0500)