forked frompostgres/postgres
- Notifications
You must be signed in to change notification settings - Fork6
Commita12c75a
committed
Fix SSL test for libpq connection parameter channel_binding
When compiling Postgres with OpenSSL 1.0.1 or older versions, SCRAM'schannel binding cannot be supported as X509_get_signature_nid() isneeded, which causes a regression test with channel_binding='require' tofail as the server cannot publish SCRAM-SHA-256-PLUS as SASL mechanismover an SSL connection.Fix the issue by using a method similar toc3d41cc, making the testresult conditional. The test passes if X509_get_signature_nid() ispresent, and when missing we test for a connection failure. Testing aconnection failure is more useful than skipping the test as we shouldfail the connection if channel binding is required by the client but theserver does not support it.Reported-by: Tom Lane, Michael PaquierAuthor: Michael PaquierDiscussion:https://postgr.es/m/20190927024457.GA8485@paquier.xyzDiscussion:https://postgr.es/m/24857.1569775891@sss.pgh.pa.us1 parent7acf8a8 commita12c75a
1 file changed
+21
-6
lines changedLines changed: 21 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
22 | | - | |
23 | 21 | | |
24 | 22 | | |
25 | 23 | | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
26 | 30 | | |
27 | 31 | | |
28 | 32 | | |
| |||
60 | 64 | | |
61 | 65 | | |
62 | 66 | | |
63 | | - | |
64 | | - | |
65 | | - | |
66 | | - | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
67 | 82 | | |
68 | 83 | | |
69 | 84 | | |
| |||
0 commit comments
Comments
(0)