projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3ad2afc) | patch
Refactor channel binding code to fetch cbind_data only when necessary
authorPeter Eisentraut <peter_e@gmx.net>
Thu, 4 Jan 2018 18:53:09 +0000 (13:53 -0500)
committerPeter Eisentraut <peter_e@gmx.net>
Thu, 4 Jan 2018 18:55:12 +0000 (13:55 -0500)
commitf3049a603a7950f313b33ab214f11563c66dc069
treef870af0cee87ab890b6925a202c43de7624972fdtree
parent3ad2afc2e98fc85d5cf9529d84265b70acc0b13dcommit | diff
Refactor channel binding code to fetch cbind_data only when necessary

As things stand now, channel binding data is fetched from OpenSSL and
saved into the SCRAM exchange context for any SSL connection attempted
for a SCRAM authentication, resulting in data fetched but not used if no
channel binding is used or if a different channel binding type is used
than what the data is here for.

Refactor the code in such a way that binding data is fetched from the
SSL stack only when a specific channel binding is used for both the
frontend and the backend.  In order to achieve that, save the libpq
connection context directly in the SCRAM exchange state, and add a
dependency to SSL in the low-level SCRAM routines.

This makes the interface in charge of initializing the SCRAM context
cleaner as all its data comes from either PGconn* (for frontend) or
Port* (for the backend).

Author: Michael Paquier <michael.paquier@gmail.com>
src/backend/libpq/auth-scram.c diff | blob | blame | history
src/backend/libpq/auth.c diff | blob | blame | history
src/include/libpq/scram.h diff | blob | blame | history
src/interfaces/libpq/fe-auth-scram.c diff | blob | blame | history
src/interfaces/libpq/fe-auth.c diff | blob | blame | history
src/interfaces/libpq/fe-auth.h diff | blob | blame | history
This is the main PostgreSQL git repository.