On Fri, Aug 31, 2018 at 12:18:52PM +0200, Peter Eisentraut wrote:
> I was updating the gnutls patch for the changed channel binding setup,
> and I noticed that the 002_scram.pl test now passes even though the
> gnutls patch currently does not support channel binding. So AFAICT,
> we're not testing the channel binding functionality there at all. Is
> that as intended?
As far as I understood that's the intention. One can still test easily
channel binding if you implement it so you can make sure that the
default SSL connection still works. And you can also make sure that if
you don't implement channel binding then an SSL connection still works.
But you cannot make sure that if you have channel binding implemented
then the disabled path works.
I'd still like to think that having a way to enforce the disabled code
path over SSL has value, but you know, votes...
--
Michael