On Wed, Feb 27, 2019 at 10:21:00AM +0100, Peter Eisentraut wrote:
> On 2019-02-26 23:35, Michael Paquier wrote:
>> What I do in such cases is to compile OpenSSL by myself and link
>> Postgres to it, here is a command to build shared libraries (all that
>> is documented in INSTALL):
>> ./config --pr
On 2019-02-26 23:35, Michael Paquier wrote:
> What I do in such cases is to compile OpenSSL by myself and link
> Postgres to it, here is a command to build shared libraries (all that
> is documented in INSTALL):
> ./config --prefix=$INSTALLPATH shared
I did test it now using a custom-built OpenSSL
On Tue, Feb 26, 2019 at 10:04:35AM -0500, Tom Lane wrote:
> Peter Eisentraut writes:
>> I tried reproducing the issue locally, but the required OpenSSL version
>> is too old to be easily available.
>
> Hm, I've got buildfarm hosts with quite old OpenSSLs handy. What
> tests do you want done, exa
Peter Eisentraut writes:
> I tried reproducing the issue locally, but the required OpenSSL version
> is too old to be easily available.
Hm, I've got buildfarm hosts with quite old OpenSSLs handy. What
tests do you want done, exactly?
regards, tom lane
On 2019-02-22 06:28, Michael Paquier wrote:
>> Is that right? Won't we then just select nothing if the macro is not
>> defined?
> In the context of an SSL connection, the server would send both SCRAM
> and SCRAM_PLUS as valid mechanisms if it supports channel binding
> (HAVE_BE_TLS_GET_CERTIFICATE
On Thu, Feb 21, 2019 at 08:32:01PM +0100, Peter Eisentraut wrote:
> On 2019-02-21 05:47, Michael Paquier wrote:
>> if (conn->ssl_in_use)
>> +{
>> +/*
>> + * The server has offered SCRAM-SHA-256-PLUS,
>
On 2019-02-21 05:47, Michael Paquier wrote:
> if (conn->ssl_in_use)
> + {
> + /*
> + * The server has offered SCRAM-SHA-256-PLUS,
> which is only
> + * supported by the c
On Wed, Feb 20, 2019 at 04:53:32PM +0100, Peter Eisentraut wrote:
> I think there is a bug in the frontend code. If the server offers
> SCRAM-SHA-256-PLUS, the client will choose it if SSL is in use, but it
> will later fail with this error message if not
> HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH.
G
On 2019-02-18 02:06, Michael Paquier wrote:
> Now, the error message "channel binding not supported by this build"
> would show up by either the backend or the frontend if
> X509_get_signature_nid() is not present in the version of OpenSSL your
> version of libpq (for the frontend) or your backend
On Sun, 17 Feb 2019 at 20:06, Michael Paquier wrote:
> Now, the error message "channel binding not supported by this build"
> would show up by either the backend or the frontend if
> X509_get_signature_nid() is not present in the version of OpenSSL your
> version of libpq (for the frontend) or yo
On Fri, Feb 15, 2019 at 04:18:40PM -0500, Hugh Ranalli wrote:
> I did see that. However, I'm not *trying* to use it. I set up accounts with
> scram-sha-256 passwords, and when trying to connect I get this message.
> Hence why I tried to disable it.
tls-server-end-point is implemented as channel bi
On Fri, 15 Feb 2019 at 16:14, Bruce Momjian wrote:
> The PG 11 release notes are clear that channel binding is not supported
> in a usable way yet:
>
I did see that. However, I'm not *trying* to use it. I set up accounts with
scram-sha-256 passwords, and when trying to connect I get this message
On Fri, Feb 15, 2019 at 03:41:37PM -0500, Hugh Ranalli wrote:
>
> I've been trying to implement scram-sha-256 passwords on PostgreSQL 11.1.
> However, connection attempts whether through Python (psycopg2) or psql fail
> with the message: "channel binding not supported by this build." I've tried
>
I've been trying to implement scram-sha-256 passwords on PostgreSQL 11.1.
However, connection attempts whether through Python (psycopg2) or psql fail
with the message: "channel binding not supported by this build." I've tried
clearing scram_channel_binding in my global psqlrc ("\set
scram_channel_b
14 matches
Mail list logo
