On Wed, Jun 21, 2017 at 4:04 AM, Álvaro Hernández Tortosa <a...@8kdata.com> wrote: > In the coming weeks, and once my PR for pgjdbc has been added, I will > work towards another patch to implement channel binding. Should be > reasonably easy now, thanks to this.
So you basically have an equivalent of OpenSSL stuff in java, right? - SSL_get_peer_certificate to get the X509 point of the server. - X509_digest to hash it. - OBJ_find_sigid_algs and X509_get_signature_nid to guess the signature algorithm of a certificate. I think that this part can be tricky depending on the SSL implementation, but I have designed a generic API for this purpose. That's all it took me to get end-point to work. Plus the error handling of course. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers