database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-09-02 04:21:28 +03:00
Code Activity

Add libpq parameter 'channel_binding'.

Browse Source 
Allow clients to require channel binding to enhance security against
untrusted servers.

Author: Jeff Davis
Reviewed-by: Michael Paquier
Discussion: https://postgr.es/m/227015d8417f2b4fef03f8966dbfa5cbcc4f44da.camel%40j-davis.com
This commit is contained in:
Jeff Davis
2019-09-23 13:45:23 -07:00
parent 13cd97e6c8
commit d6e612f837
9 changed files with 233 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/test/authentication/t/001_password.pl
View File

@@ -17,7 +17,7 @@ if ($windows_os)
}
else
{
plan tests => 8;
plan tests => 10;
}
@@ -86,3 +86,13 @@ test_role($node, 'md5_role', 'scram-sha-256', 2);
reset_pg_hba($node, 'md5');
test_role($node, 'scram_role', 'md5', 0);
test_role($node, 'md5_role', 'md5', 0);
# Tests for channel binding without SSL.
# Using the password authentication method; channel binding can't work
reset_pg_hba($node, 'password');
$ENV{"PGCHANNELBINDING"} = 'require';
test_role($node, 'scram_role', 'scram-sha-256', 2);
# SSL not in use; channel binding still can't work
reset_pg_hba($node, 'scram-sha-256');
$ENV{"PGCHANNELBINDING"} = 'require';
test_role($node, 'scram_role', 'scram-sha-256', 2);