Add libpq connection parameter "scram_channel_binding"

This parameter can be used to enforce the channel binding type used
during a SCRAM authentication. This can be useful to check code paths
where an invalid channel binding type is used by a client and will be
even more useful to allow testing other channel binding types when they
are added.

The default value is tls-unique, which is what RFC 5802 specifies.
Clients can optionally specify an empty value, which has the effect of
not using channel binding and using SCRAM-SHA-256 as the chosen SASL
mechanism.

More tests for SCRAM and channel binding are added to the SSL test
suite.

Author: Michael Paquier <michael.paquier@gmail.com>

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec

Modified Files
--------------
doc/src/sgml/libpq.sgml | 24 ++++++++++++++++++++++++
src/interfaces/libpq/fe-auth-scram.c | 20 +++++++++++++++-----
src/interfaces/libpq/fe-auth.c | 9 ++++++---
src/interfaces/libpq/fe-auth.h | 1 +
src/interfaces/libpq/fe-connect.c | 9 +++++++++
src/interfaces/libpq/libpq-int.h | 1 +
src/test/ssl/t/002_scram.pl | 14 +++++++++++++-
7 files changed, 69 insertions(+), 9 deletions(-)