On 05/08/2018 14:45, Michael Paquier wrote: > On Sun, Aug 05, 2018 at 03:30:43PM +0300, Heikki Linnakangas wrote: >> That test just tested that the scram_channel_binding libpq option works, but >> I removed the option. I know you wanted to keep it as a feature flag, but as >> discussed earlier, I don't think that'd be useful. > > Sorry for the noise, I missed that there is still the test "Basic SCRAM > authentication with SSL" so that would be fine. I would have preferred > keeping around the negative test so as we don't break SSL connections > when the client enforced cbind_flag to 'n' as that would be useful when > adding new SSL implementations as that would avoid manual tests which > people will most likely forget, but well...
I was updating the gnutls patch for the changed channel binding setup, and I noticed that the 002_scram.pl test now passes even though the gnutls patch currently does not support channel binding. So AFAICT, we're not testing the channel binding functionality there at all. Is that as intended? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
