| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Add libpq connection parameter "scram_channel_binding" |
| Date: | 2017-12-19 15:16:29 |
| Message-ID: | E1eRJd7-0004rA-3o@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Add libpq connection parameter "scram_channel_binding"
This parameter can be used to enforce the channel binding type used
during a SCRAM authentication. This can be useful to check code paths
where an invalid channel binding type is used by a client and will be
even more useful to allow testing other channel binding types when they
are added.
The default value is tls-unique, which is what RFC 5802 specifies.
Clients can optionally specify an empty value, which has as effect to
not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism.
More tests for SCRAM and channel binding are added to the SSL test
suite.
Author: Author: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec
Modified Files
--------------
doc/src/sgml/libpq.sgml | 24 ++++++++++++++++++++++++
src/interfaces/libpq/fe-auth-scram.c | 20 +++++++++++++++-----
src/interfaces/libpq/fe-auth.c | 9 ++++++---
src/interfaces/libpq/fe-auth.h | 1 +
src/interfaces/libpq/fe-connect.c | 9 +++++++++
src/interfaces/libpq/libpq-int.h | 1 +
src/test/ssl/t/002_scram.pl | 14 +++++++++++++-
7 files changed, 69 insertions(+), 9 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-12-19 15:24:19 | pgsql: Mark a few parallelism-related variables with PGDLLIMPORT. |
| Previous Message | Andres Freund | 2017-12-18 22:44:20 | pgsql: Add shared tuplestores. |