authorPeter Eisentraut2017-12-18 23:05:24 +0000
committerPeter Eisentraut2017-12-19 15:12:36 +0000
commit4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec (patch)
treeb09d54898a8c006c0ff4964c0bb0d22489b96d14 /src/test/ssl
parentab9e0e718acb9ded7e4c4b5cedc1d410690ea6ba (diff)
Add libpq connection parameter "scram_channel_binding"
This parameter can be used to enforce the channel binding type used during a SCRAM authentication. This can be useful to check code paths where an invalid channel binding type is used by a client and will be even more useful to allow testing other channel binding types when they are added. The default value is tls-unique, which is what RFC 5802 specifies. Clients can optionally specify an empty value, which has the effect of not using channel binding and of using SCRAM-SHA-256 as the chosen SASL mechanism. More tests for SCRAM and channel binding are added to the SSL test suite. Author: Author: Michael Paquier <michael.paquier@gmail.com>
Diffstat (limited to 'src/test/ssl')
-rw-r--r--src/test/ssl/t/002_scram.pl14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl
index 25f75bd52ac..324b4888d42 100644
--- a/src/test/ssl/t/002_scram.pl
+++ b/src/test/ssl/t/002_scram.pl
@@ -4,7 +4,7 @@ use strict;
use warnings;
use PostgresNode;
use TestLib;
-use Test::More tests => 1;
+use Test::More tests => 4;
use ServerSetup;
use File::Copy;
@@ -34,5 +34,17 @@ $ENV{PGPASSWORD} = "pass";
$common_connstr =
"user=ssltestuser dbname=trustdb sslmode=require hostaddr=$SERVERHOSTADDR";
+# Default settings
test_connect_ok($common_connstr, '',
"SCRAM authentication with default channel binding");
+
+# Channel binding settings
+test_connect_ok($common_connstr,
+ "scram_channel_binding=tls-unique",
+ "SCRAM authentication with tls-unique as channel binding");
+test_connect_ok($common_connstr,
+ "scram_channel_binding=''",
+ "SCRAM authentication without channel binding");
+test_connect_fails($common_connstr,
+ "scram_channel_binding=not-exists",
+ "SCRAM authentication with invalid channel binding");
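Review bot: The three added cases assert only that the connection succeeds or fails, so they cannot tell which channel binding was actually negotiated, and the `scram_channel_binding=not-exists` case passes on any connection failure rather than specifically on rejection of the binding type. test_connect_ok and test_connect_fails are defined outside this hunk (presumably in ServerSetup), so whether they can match on the client error text is not visible here; if they can, the negative case should pin the expected message. The empty-value case also deserves a comment stating the security consequence, e.g. `# Empty value turns channel binding off: plain SCRAM-SHA-256 is negotiated, so the exchange is not tied to the TLS session.`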