Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256

On 11/26/17 06:59, Michael Paquier wrote:
> On Tue, Nov 21, 2017 at 1:36 PM, Michael Paquier
> <michael(dot)paquier(at)gmail(dot)com> wrote:
>> So attached are rebased patches:
>> - 0001 to introduce the connection parameter saslchannelbinding, which
>> allows libpq to enforce the type of channel binding used during an
>> exchange.
>> - 0002 to add tls-endpoint as channel binding type, which is where 0001 shines.
>
> Attached is a rebased patch set, documentation failing to compile. I
> am moving at the same time this patch set to the next commit fest.

I think these are SCRAM channel bindings, not SASL channel bindings, so
the parameter should be named accordingly.

I also wonder whether there should be a mechanism to turn off channel
binding from the client. Right now, there is no way to test the
non-PLUS mechanism in an SSL build.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services