Re: [HACKERS] Support for Secure Transport SSL library on macOS asOpenSSL alternative
| От | Michael Paquier |
|---|---|
| Тема | Re: [HACKERS] Support for Secure Transport SSL library on macOS asOpenSSL alternative |
| Дата | |
| Msg-id | CAB7nPqRsk1U_tV=bEbi=i+LSzb+EPCkZYS8zgu1ieCbV7R-FLA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Support for Secure Transport SSL library on macOS asOpenSSL alternative (Michael Paquier <michael.paquier@gmail.com>) |
| Ответы |
Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative
|
| Список | pgsql-hackers |
On Mon, Nov 20, 2017 at 11:35 AM, Michael Paquier <michael.paquier@gmail.com> wrote: > The last set of patches available here does not apply: > https://www.postgresql.org/message-id/B5E2B87D-3E8A-4597-9A7F-8489B3B67556@yesql.se > The SSL test refactoring is one cause. I think as well that this is > crashing when attempting to use SCRAM authentication with the SSL > brand of macos and SCRAM's channel binding. I am going to send a patch > which allows handling of no support for channel bindings for a given > SSL implementation, something needed as well by the gnutls patch. > Please make sure that you define at least be_tls_get_peer_finished() > and pgtls_get_finished() with a NULL result and a length of 0 as > return results as, as far as I can see, macos does not give direct > access to the TLS finish message bytes. At least that's not > documented. This last comment is from last week, so I am marking the patch as returned with feedback. This also needs more thoughts for channel binding support with SCRAM. -- Michael
В списке pgsql-hackers по дате отправления: