| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Negotiating the SCRAM channel binding type |
| Date: | 2018-08-31 17:27:16 |
| Message-ID: | 20180831172716.GA5305@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Aug 31, 2018 at 12:18:52PM +0200, Peter Eisentraut wrote:
> I was updating the gnutls patch for the changed channel binding setup,
> and I noticed that the 002_scram.pl test now passes even though the
> gnutls patch currently does not support channel binding. So AFAICT,
> we're not testing the channel binding functionality there at all. Is
> that as intended?
As far as I understood that's the intention. One can still test easily
channel binding if you implement it so you can make sure that the
default SSL connection still works. And you can also make sure that if
you don't implement channel binding then an SSL connection still works.
But you cannot make sure that if you have channel binding implemented
then the disabled path works.
I'd still like to think that having a way to enforce the disabled code
path over SSL has value, but you know, votes...
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2018-08-31 18:10:08 | Re: BUG #15346: Replica fails to start after the crash |
| Previous Message | Jonathan S. Katz | 2018-08-31 17:24:11 | Re: FailedAssertion on partprune |