granicus.if.org Git - postgresql/commit

author	Peter Eisentraut <peter_e@gmx.net>
	Mon, 18 Dec 2017 23:05:24 +0000 (18:05 -0500)
committer	Peter Eisentraut <peter_e@gmx.net>
	Tue, 19 Dec 2017 15:12:36 +0000 (10:12 -0500)
commit	4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec
tree	b09d54898a8c006c0ff4964c0bb0d22489b96d14	tree \| snapshot
parent	ab9e0e718acb9ded7e4c4b5cedc1d410690ea6ba	commit \| diff

Add libpq connection parameter "scram_channel_binding"

This parameter can be used to enforce the channel binding type used
during a SCRAM authentication. This can be useful to check code paths
where an invalid channel binding type is used by a client and will be
even more useful to allow testing other channel binding types when they
are added.

The default value is tls-unique, which is what RFC 5802 specifies.
Clients can optionally specify an empty value, which has as effect to
not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism.

More tests for SCRAM and channel binding are added to the SSL test
suite.

Author: Author: Michael Paquier <michael.paquier@gmail.com>

doc/src/sgml/libpq.sgml		diff \| blob \| history
src/interfaces/libpq/fe-auth-scram.c		diff \| blob \| history
src/interfaces/libpq/fe-auth.c		diff \| blob \| history
src/interfaces/libpq/fe-auth.h		diff \| blob \| history
src/interfaces/libpq/fe-connect.c		diff \| blob \| history
src/interfaces/libpq/libpq-int.h		diff \| blob \| history
src/test/ssl/t/002_scram.pl		diff \| blob \| history