Re: scram-sha-256 authentication broken in FIPS mode
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Michael Paquier <michael@paquier.xyz>,
Alessandro Gherardi <alessandro.gherardi@yahoo.com>
Cc: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2018-09-11T14:32:27Z
Lists: pgsql-general
On 11/09/2018 05:02, Michael Paquier wrote: > Hence, intrinsically, we are in contradiction with the upstream docs. I > have worked on the problem with the patch, which works down to OpenSSL > 0.9.8, and should fix your issue. This is based on what you sent > previously, except that I was not able to apply what was sent, so I > reworked the whole. Alessandro, does this fix your problems? I would > like to apply that down to v10 where SCRAM has been introduced. I recommend letting this bake in the master branch for a while. There are a lot weirdly patched and alternative OpenSSL versions out there that defy any documentation. Of course, we should also see if this actually fixes the reported problem. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Change SHA2 implementation based on OpenSSL to use EVP digest routines
- 4f48a6fbe2b2 14.0 landed
- e21cbb4b893b 14.0 landed