On Mon, Sep 30, 2019 at 05:41:46PM -0400, Tom Lane wrote: > Jeff Davis <[email protected]> writes: >> Looks good to me, though I think you need to update the expected error >> message in the test you just added. > > The test case did pass for me when I tried it on an old-openssl machine > a few hours ago. I don't think this test has any way to exercise the > code path where the server has support and the client doesn't (or > vice versa).
The behaviors of "prefer" which make sense with or without channel binding support on the client-side is actually what matters here when the server sends back SCRAM-SHA-256-PLUS over SSL. We could use a compile flag and enforce it in a buildfarm animal, or have more modes within the parameter, but the gains are not really worth the code complications in my opinion, and the parameter is already complicated enough. -- Michael
signature.asc
Description: PGP signature
