| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pgsql: Implement channel binding tls-server-end-point for SCRAM |
| Date: | 2018-01-05 13:47:44 |
| Message-ID: | CA+TgmoYx8bw839UYnw1fCnsXHhHcGWZCgR6Fd-=yTn4Kw7Bejg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Thu, Jan 4, 2018 at 4:09 PM, Thomas Munro
<thomas(dot)munro(at)enterprisedb(dot)com> wrote:
> On Fri, Jan 5, 2018 at 9:36 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> Implement channel binding tls-server-end-point for SCRAM
>
> FYI some BF animals are saying:
>
> libpq/be-secure-openssl.o: In function `be_tls_get_certificate_hash':
> /home/pgbuildfarm/buildroot-termite/HEAD/pgsql.build/../pgsql/src/backend/libpq/be-secure-openssl.c:1268:
> undefined reference to `X509_get_signature_nid'
The SSL tests on chipmunk failed in the last run. I assume that's
probably the fault of this patch, or one of the follow-on commits:
# Running: psql -X -A -t -c SELECT 'connected with user=ssltestuser
dbname=trustdb sslmode=require hostaddr=127.0.0.1
scram_channel_binding=tls-server-end-point' -d user=ssltestuser
dbname=trustdb sslmode=require hostaddr=127.0.0.1
scram_channel_binding=tls-server-end-point
psql: channel binding type "tls-server-end-point" is not supported by this build
not ok 4 - SCRAM authentication with tls-server-end-point as channel binding
# Failed test 'SCRAM authentication with tls-server-end-point as
channel binding'
# at /home/pgbfarm/buildroot/HEAD/pgsql.build/src/test/ssl/ServerSetup.pm
line 64.
# Running: psql -X -A -t -c SELECT 'connected with user=ssltestuser
dbname=trustdb sslmode=require hostaddr=127.0.0.1
scram_channel_binding=not-exists' -d user=ssltestuser dbname=trustdb
sslmode=require hostaddr=127.0.0.1 scram_channel_binding=not-exists
psql: FATAL: unsupported SCRAM channel-binding type
ok 5 - SCRAM authentication with invalid channel binding
### Stopping node "master" using mode immediate
# Running: pg_ctl -D
/home/pgbfarm/buildroot/HEAD/pgsql.build/src/test/ssl/tmp_check/t_002_scram_master_data/pgdata
-m immediate stop
waiting for server to shut down.... done
server stopped
# No postmaster PID for node "master"
# Looks like you failed 1 test of 5.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2018-01-05 14:28:53 | Re: pgsql: Implement channel binding tls-server-end-point for SCRAM |
| Previous Message | Peter Eisentraut | 2018-01-05 00:11:43 | pgsql: Another attempt at fixing build with various OpenSSL versions |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2018-01-05 13:50:20 | Re: [Patch] Make block and file size for WAL and relations defined at cluster creation |
| Previous Message | Antonio Belloni | 2018-01-05 13:22:08 | Re: Contributing with code |