Add libpq connection parameter "scram_channel_binding"

This parameter can be used to enforce the channel binding type used during a SCRAM authentication. This can be useful to check code paths where an invalid channel binding type is used by a client and will be even more useful to allow testing other channel binding types when they are added.

The default value is tls-unique, which is what RFC 5802 specifies. Clients can optionally specify an empty value, which has as effect to not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism.

More tests for SCRAM and channel binding are added to the SSL test suite.

Author: Michael Paquier <[email protected]>

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec

Modified Files
--------------
doc/src/sgml/libpq.sgml              | 24 ++++++++++++++++++++++++
src/interfaces/libpq/fe-auth-scram.c | 20 +++++++++++++++-----
src/interfaces/libpq/fe-auth.c       |  9 ++++++---
src/interfaces/libpq/fe-auth.h       |  1 +
src/interfaces/libpq/fe-connect.c    |  9 +++++++++
src/interfaces/libpq/libpq-int.h     |  1 +
src/test/ssl/t/002_scram.pl          | 14 +++++++++++++-
7 files changed, 69 insertions(+), 9 deletions(-)
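
The mechanism choice described in the commit message above, modelled as an added example (not code from the commit or from libpq). It follows the gs2 header rules of RFC 5802 and the mechanism names of RFC 7677; the function names, the mapping of an empty setting to the "n" flag, and the sample Finished bytes are assumptions made for illustration.

```python
import base64

# Mechanism names from RFC 7677; gs2 header rules from RFC 5802.
PLAIN, PLUS = "SCRAM-SHA-256", "SCRAM-SHA-256-PLUS"


def negotiate(scram_channel_binding, server_mechs, tls_finished=None):
    """Return (mechanism, gs2_header, c_attribute) for a SCRAM client.

    scram_channel_binding: "tls-unique" (the default) or "" (no binding).
    server_mechs: mechanism names advertised by the server.
    tls_finished: TLS Finished bytes used as tls-unique data (None = no TLS).
    """
    # Assumption: this model handles only the two values the message names.
    if scram_channel_binding not in ("", "tls-unique"):
        raise ValueError("channel binding type not modelled here")
    wants_binding = scram_channel_binding != "" and tls_finished is not None

    if wants_binding and PLUS in server_mechs:
        mech = PLUS
        gs2 = "p=" + scram_channel_binding + ",,"
        cbind_data = tls_finished
    elif PLAIN in server_mechs:
        mech = PLAIN
        # "y": client could bind but saw no -PLUS offer, so the server can
        # notice a shortened mechanism list. "n": client is not binding.
        gs2 = "y,," if wants_binding else "n,,"
        cbind_data = b""
    else:
        raise ValueError("no usable SCRAM mechanism offered")

    # c= in client-final-message carries base64(gs2 header || binding data).
    blob = base64.b64encode(gs2.encode("ascii") + cbind_data)
    return mech, gs2, "c=" + blob.decode("ascii")


def server_accepts(gs2, server_mechs):
    """RFC 5802 downgrade check: reject "y" if the server did offer -PLUS."""
    return not (gs2.startswith("y") and PLUS in server_mechs)


if __name__ == "__main__":
    finished = bytes.fromhex("0102030405060708090a0b0c")  # constructed sample
    offered = [PLUS, PLAIN]
    for setting in ("tls-unique", ""):
        print(repr(setting), negotiate(setting, offered, finished))
    # Client saw a list without -PLUS although the server offered it:
    _, gs2, _ = negotiate("tls-unique", [PLAIN], finished)
    print("server accepts:", server_accepts(gs2, offered))
```

With the empty setting the client sends the "n" flag and the server has nothing bound to the TLS session to verify, so that setting belongs in tests rather than in production connection strings.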
