On Fri, Aug 31, 2018 at 12:18:52PM +0200, Peter Eisentraut wrote:
> I was updating the gnutls patch for the changed channel binding setup,
> and I noticed that the 002_scram.pl test now passes even though the
> gnutls patch currently does not support channel binding. So AFAICT,
> we're not testing the channel binding functionality there at all. Is
> that as intended?
As far as I understood that's the intention. One can still easily test channel binding if you implement it so you can make sure that the default SSL connection still works. And you can also make sure that if you don't implement channel binding then an SSL connection still works. But you cannot make sure that if you have channel binding implemented then the disabled path works. I'd still like to think that having a way to enforce the disabled code path over SSL has value, but you know, votes...
--
Michael