| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jacob Champion <pchampion(at)vmware(dot)com> |
| Cc: | "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "pgsql-committers(at)lists(dot)postgresql(dot)org" <pgsql-committers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pgsql: Add some information about authenticated identity via log_connec |
| Date: | 2021-04-07 16:51:57 |
| Message-ID: | 1597946.1617814317@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Jacob Champion <pchampion(at)vmware(dot)com> writes:
> On Wed, 2021-04-07 at 10:27 -0400, Tom Lane wrote:
>> prairiedog is also not happy, apparently for a different reason.
> That one's failing because older OpenSSL doesn't support channel
> binding, and the new test I wrote forgot to check to make sure channel
> binding was supported... sorry.
> But the test doesn't truly *need* channel binding anyway; it just needs
> to check the interaction between SCRAM and verify-full, to ensure that
> the correct authn_id is set. Patch attached, tested locally with
> OpenSSL 1.0.1 and 1.1.1.
Sounds reasonable, pushed. (I didn't actually verify it on prairiedog,
because that would have taken a couple hours :-(. We can revisit if
that animal fails to go green.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2021-04-07 17:06:59 | pgsql: Move pg_stat_statements query jumbling to core. |
| Previous Message | Tom Lane | 2021-04-07 16:50:22 | pgsql: Remove channel binding requirement from clientcert=verify-full t |