
Support channel binding 'tls-unique' in SCRAM

This is the basic feature set using OpenSSL to support the feature.  In
order to allow the frontend and the backend to fetch the sent and
expected TLS Finished messages, a PG-like API is added to be able to
make the interface pluggable for other SSL implementations.

This commit also adds an infrastructure to facilitate the addition of
future channel binding types as well as libpq parameters to control the
SASL mechanism names and channel binding names.  Those will be added by
upcoming commits.

Some tests are added to the SSL test suite to test SCRAM authentication
with channel binding.

Author: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
This commit is contained in:
Peter Eisentraut
2017-11-18 10:07:57 -05:00
parent 611fe7d479
commit 9288d62bb4
14 changed files with 557 additions and 114 deletions


@ -57,19 +57,21 @@ sub test_connect_ok
{
my $common_connstr = $_[0];
my $connstr = $_[1];
my $test_name = $_[2];
my $result =
run_test_psql("$common_connstr $connstr", "(should succeed)");
ok($result, $connstr);
ok($result, $test_name || $connstr);
}
sub test_connect_fails
{
my $common_connstr = $_[0];
my $connstr = $_[1];
my $test_name = $_[2];
my $result = run_test_psql("$common_connstr $connstr", "(should fail)");
ok(!$result, "$connstr (should fail)");
ok(!$result, $test_name || "$connstr (should fail)");
}
# Copy a set of files, taking into account wildcards
@ -89,8 +91,7 @@ sub copy_files
sub configure_test_server_for_ssl
{
my $node = $_[0];
my $serverhost = $_[1];
my ($node, $serverhost, $authmethod, $password, $password_enc) = @_;
my $pgdata = $node->data_dir;
@ -100,6 +101,15 @@ sub configure_test_server_for_ssl
$node->psql('postgres', "CREATE DATABASE trustdb");
$node->psql('postgres', "CREATE DATABASE certdb");
# Update password of each user as needed.
if (defined($password))
{
$node->psql('postgres',
"SET password_encryption='$password_enc'; ALTER USER ssltestuser PASSWORD '$password';");
$node->psql('postgres',
"SET password_encryption='$password_enc'; ALTER USER anotheruser PASSWORD '$password';");
}
# enable logging etc.
open my $conf, '>>', "$pgdata/postgresql.conf";
print $conf "fsync=off\n";
@ -129,7 +139,7 @@ sub configure_test_server_for_ssl
$node->restart;
# Change pg_hba after restart because hostssl requires ssl=on
configure_hba_for_ssl($node, $serverhost);
configure_hba_for_ssl($node, $serverhost, $authmethod);
}
# Change the configuration to use given server cert file, and reload
@ -157,8 +167,7 @@ sub switch_server_cert
sub configure_hba_for_ssl
{
my $node = $_[0];
my $serverhost = $_[1];
my ($node, $serverhost, $authmethod) = @_;
my $pgdata = $node->data_dir;
# Only accept SSL connections from localhost. Our tests don't depend on this
@ -169,9 +178,9 @@ sub configure_hba_for_ssl
print $hba
"# TYPE DATABASE USER ADDRESS METHOD\n";
print $hba
"hostssl trustdb ssltestuser $serverhost/32 trust\n";
"hostssl trustdb ssltestuser $serverhost/32 $authmethod\n";
print $hba
"hostssl trustdb ssltestuser ::1/128 trust\n";
"hostssl trustdb ssltestuser ::1/128 $authmethod\n";
print $hba
"hostssl certdb ssltestuser $serverhost/32 cert\n";
print $hba