1:  542d330310 ! 1:  eec891c519 libpq: let client reject unexpected auth methods
    @@ src/test/ssl/t/002_scram.pl: $node->connect_ok(
     +		  qr/channel binding is required, but server did not offer an authentication method that supports channel binding/
     +	);
     +}
    ++
    + # Now test with a server certificate that uses the RSA-PSS algorithm.
    + # This checks that the certificate can be loaded and that channel binding
    + # works. (see bug #17760)
    +@@ src/test/ssl/t/002_scram.pl: if ($supports_rsapss_certs)
    + 			qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/
    + 		]);
    + }
     +
      done_testing();
2:  815fdc4393 ! 2:  dc7f94f24c Add sslcertmode option for client certificates
    @@ src/tools/msvc/Solution.pm: sub GenerateFiles
      		HAVE_STDINT_H                            => 1,
      		HAVE_STDLIB_H                            => 1,
     @@ src/tools/msvc/Solution.pm: sub GenerateFiles
    - 
    - 		my ($digit1, $digit2, $digit3) = $self->GetOpenSSLVersion();
    - 
    + 			$define{HAVE_HMAC_CTX_NEW}          = 1;
    + 			$define{HAVE_OPENSSL_INIT_SSL}      = 1;
    + 		}
    ++
    ++		# Symbols needed with OpenSSL 1.0.2 and above.
     +		if (   ($digit1 >= '3' && $digit2 >= '0' && $digit3 >= '0')
     +			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0')
     +			|| ($digit1 >= '1' && $digit2 >= '0' && $digit3 >= '2'))
     +		{
     +			$define{HAVE_SSL_CTX_SET_CERT_CB} = 1;
     +		}
    -+
    - 		# More symbols are needed with OpenSSL 1.1.0 and above.
    - 		if (   ($digit1 >= '3' && $digit2 >= '0' && $digit3 >= '0')
    - 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
    + 	}
    + 
    + 	$self->GenerateConfigHeader('src/include/pg_config.h',     \%define, 1);
3:  6c3b1f28bc = 3:  9a84af5936 require_auth: decouple SASL and SCRAM