From 4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Mon, 18 Dec 2017 18:05:24 -0500
Subject: Add libpq connection parameter "scram_channel_binding"
This parameter can be used to enforce the channel binding type used during a SCRAM authentication. This can be useful to check code paths where an invalid channel binding type is used by a client and will be even more useful to allow testing other channel binding types when they are added. The default value is tls-unique, which is what RFC 5802 specifies. Clients can optionally specify an empty value, which has as effect to not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism. More tests for SCRAM and channel binding are added to the SSL test suite. Author: Author: Michael Paquier
---
 src/interfaces/libpq/fe-auth.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/interfaces/libpq/fe-auth.h')
diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h
index 3e92410eaed..db319ac071d 100644
--- a/src/interfaces/libpq/fe-auth.h
+++ b/src/interfaces/libpq/fe-auth.h
@@ -27,6 +27,7 @@ extern void *pg_fe_scram_init(const char *username,
 const char *password,
 bool ssl_in_use,
 const char *sasl_mechanism,
+ const char *channel_binding_type,
 char *tls_finished_message,
 size_t tls_finished_len);
 extern void pg_fe_scram_free(void *opaq);
-- 
cgit v1.2.3
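Review bot: The added `channel_binding_type` argument of `pg_fe_scram_init` has no contract stated at the prototype, yet per the commit description an empty value turns channel binding off and selects plain SCRAM-SHA-256, so a caller can drop the TLS binding with nothing at this interface saying so. A comment above the declaration would help, for example `/* channel_binding_type: "tls-unique" by default; an empty string disables channel binding, so the exchange is no longer tied to the TLS session */`. It should also state whether the string is copied or must outlive the returned state, and whether NULL is accepted, since the header alone does not show either. The declaration starts above the hunk (its first line appears only in the hunk header), so the comment would sit outside the lines shown here.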