| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix SSL test for libpq connection parameter channel_binding |
| Date: | 2019-09-30 04:12:44 |
| Message-ID: | E1iEn3E-0007X3-JI@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix SSL test for libpq connection parameter channel_binding
When compiling Postgres with OpenSSL 1.0.1 or older versions, SCRAM's
channel binding cannot be supported as X509_get_signature_nid() is
needed, which causes a regression test with channel_binding='require' to
fail as the server cannot publish SCRAM-SHA-256-PLUS as SASL mechanism
over an SSL connection.
Fix the issue by using a method similar to c3d41cc, making the test
result conditional. The test passes if X509_get_signature_nid() is
present, and when missing we test for a connection failure. Testing a
connection failure is more useful than skipping the test as we should
fail the connection if channel binding is required by the client but the
server does not support it.
Reported-by: Tom Lane, Michael Paquier
Author: Michael Paquier
Discussion: https://postgr.es/m/20190927024457.GA8485@paquier.xyz
Discussion: https://postgr.es/m/24857.1569775891@sss.pgh.pa.us
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/a12c75a1048295f03cf85533d6dcab5072ba262b
Modified Files
--------------
src/test/ssl/t/002_scram.pl | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2019-09-30 06:45:39 | Re: pgsql: Add libpq parameter 'channel_binding'. |
| Previous Message | Michael Paquier | 2019-09-30 03:43:14 | Re: pgsql: Add libpq parameter 'channel_binding'. |