database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-22 21:53:06 +03:00
Code Activity

Add libpq connection parameter "scram_channel_binding"

Browse Source 
This parameter can be used to enforce the channel binding type used
during a SCRAM authentication.  This can be useful to check code paths
where an invalid channel binding type is used by a client and will be
even more useful to allow testing other channel binding types when they
are added.

The default value is tls-unique, which is what RFC 5802 specifies.
Clients can optionally specify an empty value, which has as effect to
not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism.

More tests for SCRAM and channel binding are added to the SSL test
suite.

Author: Author: Michael Paquier <michael.paquier@gmail.com>
This commit is contained in:
Peter Eisentraut
2017-12-18 18:05:24 -05:00
parent ab9e0e718a
commit 4bbf110d2f
7 changed files with 69 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/interfaces/libpq/fe-auth.h
View File

@@ -27,6 +27,7 @@ extern void *pg_fe_scram_init(const char *username,
const char *password,
bool ssl_in_use,
const char *sasl_mechanism,
const char *channel_binding_type,
char *tls_finished_message,
size_t tls_finished_len);
extern void pg_fe_scram_free(void *opaq);