| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Hugh Ranalli <hugh(at)whtc(dot)ca>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Channel binding not supported using scram-sha-256 passwords |
| Date: | 2019-02-26 14:16:19 |
| Message-ID: | 4b0c2616-967e-356e-fff8-99f4177ff08f@2ndquadrant.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 2019-02-22 06:28, Michael Paquier wrote:
>> Is that right? Won't we then just select nothing if the macro is not
>> defined?
> In the context of an SSL connection, the server would send both SCRAM
> and SCRAM_PLUS as valid mechanisms if it supports channel binding
> (HAVE_BE_TLS_GET_CERTIFICATE_HASH). If the server does not support
> channel binding, then only SCRAM is sent.
After reading it again a few more times, I think your patch is correct.
I tried reproducing the issue locally, but the required OpenSSL version
is too old to be easily available.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-02-26 14:57:35 | Re: LDAP authenticated session terminated by signal 11: Segmentation fault, PostgresSQL server terminates other active server processes |
| Previous Message | Stephen Frost | 2019-02-26 12:24:21 | Re: LDAP authenticated session terminated by signal 11: Segmentation fault, PostgresSQL server terminates other active server processes |