Re: Channel binding not supported using scram-sha-256 passwords

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Hugh Ranalli <hugh(at)whtc(dot)ca>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Channel binding not supported using scram-sha-256 passwords
Date: 2019-02-21 19:32:01
Message-ID: 134517f0-2736-37ed-02c0-da3d41c7a0db@2ndquadrant.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 2019-02-21 05:47, Michael Paquier wrote:
> if (conn->ssl_in_use)
> + {
> + /*
> + * The server has offered SCRAM-SHA-256-PLUS, which is only
> + * supported by the client if a hash of the peer certificate
> + * can be created.
> + */
> +#ifdef HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH
> selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
> +#endif
> + }

Is that right? Won't we then just select nothing if the macro is not
defined?

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tiffany Thang 2019-02-21 19:52:16 Re: Copy entire schema A to a different schema B
Previous Message Peter Eisentraut 2019-02-21 19:30:54 Re: procedures and transactions