From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Jeff Davis <jdavis(at)postgresql(dot)org>, pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | Re: pgsql: Add libpq parameter 'channel_binding'. |
Date: | 2019-09-30 21:38:14 |
Message-ID: | 55c81610cba6bcc5289268ae46c686cabc439a0f.camel@j-davis.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
On Mon, 2019-09-30 at 16:08 +0900, Michael Paquier wrote:
> So, something like the attached looks better to me. Using a server
> which publishes SCRAM-SHA-256-PLUS, I get the following over SSL:
> 1) client supports channel binding:
> 1-1) channel_binding = disable => OK, with SCRAM-SHA-256
> 1-2) channel_binding = prefer => OK, with SCRAM-SHA-256-PLUS
> 1-3) channel_binding = require => OK, with SCRAM-SHA-256-PLUS
> 2) client does not support channel binding
> 2-1) channel_binding = disable => OK, with SCRAM-SHA-256
> 2-2) channel_binding = prefer => OK, with SCRAM-SHA-256
> 2-3) channel_binding = require => failure with new error message,
> instead of the confusing one.
>
> The bug is with 2-3, and Tom's suggestion would have switched 2-2 to
> a
> failure (2-2 works on HEAD).
Looks good to me, though I think you need to update the expected error
message in the test you just added.
Regards,
Jeff Davis
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2019-09-30 21:41:46 | Re: pgsql: Add libpq parameter 'channel_binding'. |
Previous Message | Tom Lane | 2019-09-30 21:14:13 | pgsql: Rely on plan_cache_mode to force generic plans in partition_prun |