From 4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Mon, 18 Dec 2017 18:05:24 -0500 Subject: Add libpq connection parameter "scram_channel_binding" This parameter can be used to enforce the channel binding type used during a SCRAM authentication. This can be useful to check code paths where an invalid channel binding type is used by a client and will be even more useful to allow testing other channel binding types when they are added. The default value is tls-unique, which is what RFC 5802 specifies. Clients can optionally specify an empty value, which has as effect to not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism. More tests for SCRAM and channel binding are added to the SSL test suite. Author: Author: Michael Paquier --- doc/src/sgml/libpq.sgml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'doc/src') diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 4703309254a..4e4645136c6 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1222,6 +1222,30 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname + + scram_channel_binding + + + Specifies the channel binding type to use with SCRAM authentication. + The list of channel binding types supported by server are listed in + . An empty value specifies that + the client will not use channel binding. The default value is + tls-unique. + + + + Channel binding is only supported on SSL connections. If the + connection is not using SSL, then this setting is ignored. + + + + This parameter is mainly intended for protocol testing. In normal + use, there should not be a need to choose a channel binding type other + than the default one. + + + + sslmode -- cgit v1.2.3
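Review bot: The first paragraph of the new scram_channel_binding entry says an empty value means "the client will not use channel binding" but does not document what the client does instead. The commit message states that the client then uses SCRAM-SHA-256 as the chosen SASL mechanism. That belongs in the entry itself, together with a sentence saying the authentication exchange is then no longer tied to the TLS session, so that nobody sets an empty value without seeing what is given up. The same paragraph also leaves out what happens when the value names a channel binding type the server does not support, which is the case the commit message gives as a reason for the parameter. Please state the behaviour the code actually has in that case. In the second paragraph, "this setting is ignored" should say whether that happens silently. Wording in the first paragraph: "The list of channel binding types supported by server are listed in" should read "The channel binding types supported by the server are listed in".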