Home > mailing lists

Re: pgsql: Add some information about authenticated identity via log_connec - Mailing list pgsql-committers

From	Tom Lane
Subject	Re: pgsql: Add some information about authenticated identity via log_connec
Date	April 7, 2021 19:51:57
Msg-id	1597946.1617814317@sss.pgh.pa.us Whole thread Raw
In response to	Re: pgsql: Add some information about authenticated identity via log_connec (Jacob Champion <pchampion@vmware.com>)
Responses	Re: pgsql: Add some information about authenticated identity via log_connec (Michael Paquier <michael@paquier.xyz>)
List	pgsql-committers

Tree view

Jacob Champion <pchampion@vmware.com> writes:
> On Wed, 2021-04-07 at 10:27 -0400, Tom Lane wrote:
>> prairiedog is also not happy, apparently for a different reason.

> That one's failing because older OpenSSL doesn't support channel
> binding, and the new test I wrote forgot to check to make sure channel
> binding was supported... sorry.
> But the test doesn't truly *need* channel binding anyway; it just needs
> to check the interaction between SCRAM and verify-full, to ensure that
> the correct authn_id is set. Patch attached, tested locally with
> OpenSSL 1.0.1 and 1.1.1.

Sounds reasonable, pushed.  (I didn't actually verify it on prairiedog,
because that would have taken a couple hours :-(.  We can revisit if
that animal fails to go green.)

            regards, tom lane

pgsql-committers by date:

From: Tom Lane
Date: 07 April 2021, 19:50:22
Subject: pgsql: Remove channel binding requirement from clientcert=verify-full t

From: Bruce Momjian
Date: 07 April 2021, 20:06:59
Subject: pgsql: Move pg_stat_statements query jumbling to core.

Re: pgsql: Add some information about authenticated identity via log_connec - Mailing list pgsql-committers

Previous

Next