diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2017-12-18 18:05:24 -0500 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2017-12-19 10:12:36 -0500 |
| commit | 4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec (patch) | |
| tree | b09d54898a8c006c0ff4964c0bb0d22489b96d14 /src/interfaces/libpq/fe-auth.h | |
| parent | ab9e0e718acb9ded7e4c4b5cedc1d410690ea6ba (diff) | |
| download | postgresql-4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec.tar.gz postgresql-4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec.zip | |
Add libpq connection parameter "scram_channel_binding"
This parameter can be used to enforce the channel binding type used
during a SCRAM authentication. This can be useful to check code paths
where an invalid channel binding type is used by a client and will be
even more useful to allow testing other channel binding types when they
are added.
The default value is tls-unique, which is what RFC 5802 specifies.
Clients can optionally specify an empty value, which has as effect to
not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism.
More tests for SCRAM and channel binding are added to the SSL test
suite.
Author: Author: Michael Paquier <michael.paquier@gmail.com>
Diffstat (limited to 'src/interfaces/libpq/fe-auth.h')
| -rw-r--r-- | src/interfaces/libpq/fe-auth.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h index 3e92410eaed..db319ac071d 100644 --- a/src/interfaces/libpq/fe-auth.h +++ b/src/interfaces/libpq/fe-auth.h @@ -27,6 +27,7 @@ extern void *pg_fe_scram_init(const char *username, const char *password, bool ssl_in_use, const char *sasl_mechanism, + const char *channel_binding_type, char *tls_finished_message, size_t tls_finished_len); extern void pg_fe_scram_free(void *opaq); |