Failure unspecified at GSS-API level (Mechanism level: [DecryptMessage:lib/kerberos_jni/sspi/KerbImpl.c(908)]
search cancel

Failure unspecified at GSS-API level (Mechanism level: [DecryptMessage:lib/kerberos_jni/sspi/KerbImpl.c(908)]

book

Article ID: 376798

calendar_today

Updated On:

Products

VMware Tanzu Data Suite

Issue/Introduction

JDBC connections resulting into below error when using encrypted connection using GSSAPI enabled in connection string but works without issues when GSSAPI is disabled.

 

Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: [DecryptMessage:lib/kerberos_jni/sspi/KerbImpl.c(908)]: The message or signature supplied for verification has been altered

Environment

Vmware Tanzu Postgres 15.4.0

java version 17 

Spring boot version : 3.2.2 

hibernate version : 6.5.2

Cause

+ Its a bug in code which made the GSSInputStream always expects to read enough data but if the underlying un-buffered socket does not have enough data, the decrypt will report a checksum error. So the fix was to use the buffered socket to create GSSInputStream in the code.

+This will happen when a user has a slow network (many TCP packages received in one GSSAPI package), it is difficult to reproduce using VM

 

Resolution

The issue is fixed with PR(https://github.com/pgjdbc/pgjdbc/pull/3373) released by Broadcom engineering to upstream and next release of VMware Tanzu Postgres.

Powered by Wolken Software