authorTom Lane <tgl@sss.pgh.pa.us>2006-11-21 16:28:00 +0000
committerTom Lane <tgl@sss.pgh.pa.us>2006-11-21 16:28:00 +0000
commitbcd713a6189188927dec7abda6cdcd6719c990d1 (patch)
tree7f1b9041fc1dfcbdff4d69f02baa03f071c4ba9a /src
parentcc6c10a7a0245b87fa49e1369bc94c88fcbdb987 (diff)
If SSL negotiation fails and SSLMODE is 'prefer', then retry without SSL.
Negotiation failure is only likely to happen if one side or the other is misconfigured, e.g. a bad client certificate. I'm not 100% convinced that a retry is really the best thing, hence not back-patching this fix for now. Per gripe from Sergio Cinos.
Diffstat (limited to 'src')
-rw-r--r--src/interfaces/libpq/fe-connect.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 55f3e04f6d9..eb6ab6127df 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.338 2006/10/06 17:14:00 petere Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.339 2006/11/21 16:28:00 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -1400,6 +1400,25 @@ keep_going: /* We will come back to here until there is
conn->status = CONNECTION_MADE;
return PGRES_POLLING_WRITING;
}
+ if (pollres == PGRES_POLLING_FAILED)
+ {
+ /*
+ * Failed ... if sslmode is "prefer" then do a non-SSL
+ * retry
+ */
+ if (conn->sslmode[0] == 'p' /* "prefer" */
+ && conn->allow_ssl_try /* redundant? */
+ && !conn->wait_ssl_try) /* redundant? */
+ {
+ /* only retry once */
+ conn->allow_ssl_try = false;
+ /* Must drop the old connection */
+ closesocket(conn->sock);
+ conn->sock = -1;
+ conn->status = CONNECTION_NEEDED;
+ goto keep_going;
+ }
+ }
return pollres;
#else /* !USE_SSL */
/* can't get here */
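Review bot: The retry branch (`conn->allow_ssl_try = false;` through `goto keep_going;`) reconnects in cleartext, and nothing in the hunk records or reports that SSL was attempted and failed. A handshake broken by a bad certificate and one broken by interference on the network path therefore both end in an unencrypted session. That is consistent with what "prefer" promises, but the comment should say so: `/* Failed ... if sslmode is "prefer" then do a non-SSL retry. This is a silent downgrade; callers that need encryption must use sslmode "require". */`. The two `/* redundant? */` markers should also be resolved, either by dropping the conditions or by stating which earlier state makes them necessary. The enclosing function starts and ends outside the hunk, so whether SSL state from the failed handshake is released before `closesocket(conn->sock)` cannot be confirmed from here.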