Re: Supporting tls-server-end-point as SCRAM channel binding forOpenSSL 1.0.0 and 1.0.1 - Mailing list pgsql-hackers

On 29 May 2018 at 22:48, Michael Paquier <michael@paquier.xyz> wrote:

On Tue, May 29, 2018 at 10:33:03PM -0400, Heikki Linnakangas wrote:
> Hmm. I think Peter went through this in commits ac3ff8b1d8 and 054e8c6cdb.
> If you got that working now, I suppose we could do that, but I'm actually
> inclined to just stick to the current, more straightforward code, and
> require OpenSSL 1.0.2 for this feature. OpenSSL 1.0.2 has been around for
> several years now. It's not available on all the popular platforms and
> distributions yet, but I don't want to bend over backwards to support those.

I think that this mainly boils down to how much Postgres JDBC wants to
get support here as some vendors can maintain oldest versions of OpenSSL
for a long time.  The extra code is not that much complicated by the
way, still it is true that HEAD is cleaner with its simplicity.

I'm unclear what this has to do with JDBC ? JDBC doesn't use OpenSSL 

Alvaro ?

    It's only indirectly related. It does matter on what servers JDBC would be able to connect to (using SCRAM + channel binding). Only those with tls-server-end-point will be able to use CB with JDBC, and that is, as of today, only OpenSSL 1.0.2 or higher, which is not available on some older distributions.



    Álvaro

-- 

Alvaro Hernandez


-----------
OnGres