| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Jeff Davis <jdavis(at)postgresql(dot)org>, pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pgsql: Add libpq parameter 'channel_binding'. |
| Date: | 2019-09-30 18:14:47 |
| Message-ID: | 11a5c3b483f1c0140f9fc5cf863d8ac61a28e60a.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
On Mon, 2019-09-30 at 16:08 +0900, Michael Paquier wrote:
> So, something like the attached looks better to me. Using a server
> which publishes SCRAM-SHA-256-PLUS, I get the following over SSL:
> 1) client supports channel binding:
> 1-1) channel_binding = disable => OK, with SCRAM-SHA-256
> 1-2) channel_binding = prefer => OK, with SCRAM-SHA-256-PLUS
> 1-3) channel_binding = require => OK, with SCRAM-SHA-256-PLUS
> 2) client does not support channel binding
> 2-1) channel_binding = disable => OK, with SCRAM-SHA-256
> 2-2) channel_binding = prefer => OK, with SCRAM-SHA-256
> 2-3) channel_binding = require => failure with new error message,
> instead of the confusing one.
For 2-3, shouldn't we error at an earlier stage? The user of the client
has requested something impossible to satisfy.
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-09-30 18:20:29 | Re: pgsql: Add libpq parameter 'channel_binding'. |
| Previous Message | Bruce Momjian | 2019-09-30 17:44:27 | pgsql: docs: adjust multi-column most-common-value statistics |