Improve fallback handling for GSS session encryption when native library is missing (#6422)

vonzshik · vonzshik · commit e9b9fd6ee2e7 · 2026-01-23T13:48:34.000+03:00
Improves #6416 (cherry picked from commit e222c91)
diff --git a/src/Npgsql/Internal/NpgsqlConnector.cs b/src/Npgsql/Internal/NpgsqlConnector.cs
@@ -676,7 +676,22 @@ internal async ValueTask<GssEncryptionResult> GSSEncrypt(bool async, bool isRequ
 
         try
         {
-            var data = authentication.GetOutgoingBlob(ReadOnlySpan<byte>.Empty, out var statusCode)!;
+            byte[]? data;
+            NegotiateAuthenticationStatusCode statusCode;
+
+            try
+            {
+                data = authentication.GetOutgoingBlob(ReadOnlySpan<byte>.Empty, out statusCode)!;
+            }
+            catch (TypeInitializationException)
+            {
+                // On UNIX .NET throws TypeInitializationException if it's unable to load the native library
+                if (isRequired)
+                    throw new NpgsqlException("Unable to load native library to negotiate GSS encryption");
+
+                return GssEncryptionResult.GetCredentialFailure;
+            }
+
             if (statusCode != NegotiateAuthenticationStatusCode.ContinueNeeded)
             {
                 // Unable to retrieve credentials
