Re: Negotiating the SCRAM channel binding type - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Negotiating the SCRAM channel binding type
Date
Msg-id 20180712131056.GC1167@paquier.xyz
In response to Re: Negotiating the SCRAM channel binding type  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers
On Wed, Jul 11, 2018 at 04:00:47PM +0300, Heikki Linnakangas wrote:
> Looking at the GnuTLS docs, I believe it has everything we need.
> gnutls_certificate_get_peers() and gnutls_certificate_get_ours() can be used
> to get the certificate, and gnutls_x509_crt_get_signature_algorithm() gets
> the signatureAlgorithm.

Looking at the docs, there is gnutls_x509_crt_get_fingerprint() which
can provide the certificate hash.  So if the signature algorithm is MD5
or SHA-1, it would be simple enough to upgrade it to SHA-256 and
calculate the hash.  They have way better docs than OpenSSL, which is
nice.
--
Michael
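The hash-selection rule discussed above is the tls-server-end-point channel binding of RFC 5929 (section 4.1): hash the server's DER certificate with the hash function of its signatureAlgorithm, except that MD5 and SHA-1 are replaced by SHA-256. The following is an added example, not PostgreSQL or GnuTLS code, written in stdlib Python instead of GnuTLS so it runs anywhere: a minimal DER walker pulls the signatureAlgorithm OID out of the Certificate structure, a small OID table (an assumption covering only the common RSA and ECDSA algorithms) maps it to a hash name, and the RFC 5929 upgrade is applied before hashing. The "certificate" it runs on is a constructed blob with only the outer shape of an X.509 Certificate, labelled as such in the code; it is not a real or valid certificate.

```python
"""tls-server-end-point (RFC 5929 sec. 4.1) hash selection over a DER certificate.

Added example; not PostgreSQL's or GnuTLS's code. Uses only the standard library.
"""
import hashlib

# signatureAlgorithm OIDs -> hash function they use (assumed subset of the common ones).
SIGALG_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "sha512",    # ecdsa-with-SHA512
}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def decode_oid(content):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
    Skip tbsCertificate and return signatureAlgorithm.algorithm as a dotted OID."""
    tag, start, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(cert_der, start)           # tbsCertificate (skipped)
    tag, alg_start, _ = read_tlv(cert_der, tbs_end)     # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier.algorithm is not an OID")
    return decode_oid(cert_der[oid_start:oid_end])


def endpoint_hash_name(sigalg_oid):
    """RFC 5929 sec. 4.1: use the signature's hash, but MD5 and SHA-1 become SHA-256."""
    name = SIGALG_HASH.get(sigalg_oid)
    if name is None:
        raise ValueError(f"unsupported signature algorithm {sigalg_oid}")
    return "sha256" if name in ("md5", "sha1") else name


def tls_server_end_point(cert_der):
    """The channel-binding data: hash of the whole DER certificate."""
    return hashlib.new(endpoint_hash_name(signature_algorithm_oid(cert_der)), cert_der).digest()


# --- constructed test input (NOT a valid certificate) ---------------------------

def tlv(tag, content):
    """Encode one DER element with short or long-form length."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    """Encode a dotted OID into DER content octets (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def constructed_cert(sigalg_oid):
    """Stand-in with the outer shape of a Certificate: placeholder tbsCertificate,
    a real AlgorithmIdentifier { OID, NULL }, and a placeholder BIT STRING signature."""
    tbs = tlv(0x30, tlv(0x02, b"\x01"))
    alg = tlv(0x30, tlv(0x06, encode_oid(sigalg_oid)) + b"\x05\x00")
    sig = tlv(0x03, b"\x00" + b"\xab" * 4)
    return tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.12"):
        cert = constructed_cert(oid)
        print(oid, "->", endpoint_hash_name(oid), tls_server_end_point(cert).hex())
```

The upgrade step is the part that matters for interoperability: both peers must derive the same hash name from the same certificate, so a client that hashed a sha1WithRSAEncryption certificate with SHA-1 would compute a binding the server never matches and the SCRAM exchange would fail. A real implementation would take the DER bytes from the TLS library (the GnuTLS calls named in the thread) rather than from a constructed blob, and should treat an unknown signature algorithm as an error rather than guessing a hash.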
