From c9aaa9b41a6354d604ce8e93bd50803e952c161b Mon Sep 17 00:00:00 2001 From: Mauricio0129 Date: Mon, 6 Jul 2026 15:05:08 -0400 Subject: [PATCH] fix: do not retry on wrong password (28P01) with sslmode=allow/prefer --- asyncpg/connect_utils.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/asyncpg/connect_utils.py b/asyncpg/connect_utils.py index 07c4fdde..4615f415 100644 --- a/asyncpg/connect_utils.py +++ b/asyncpg/connect_utils.py @@ -1103,9 +1103,14 @@ async def __connect_addr( except ( exceptions.InvalidAuthorizationSpecificationError, exceptions.ConnectionDoesNotExistError, # seen on Windows - ): + ) as exc: tr.close() - + + # Do not retry on wrong password (28P01) — the issue is credentials, + # not SSL negotiation. Only pg_hba.conf rejections (28000) warrant a retry. + if isinstance(exc, exceptions.InvalidPasswordError): + raise + # retry=True here is a redundant check because we don't want to # accidentally raise the internal _RetryConnectSignal to the user if retry and (