Re: [PoC] Let libpq reject unexpected authentication requests

Aleksander Alekseev <aleksander@timescale.com>

From: Aleksander Alekseev <aleksander@timescale.com>
To: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Cc: Jacob Champion <jchampion@timescale.com>, Peter Eisentraut <peter.eisentraut@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, "David G. Johnston" <david.g.johnston@gmail.com>
Date: 2023-01-31T13:19:50Z
Lists: pgsql-hackers
Hi Peter,

> > What is the status of this patch set?  Michael had registered himself as
> > committer and then removed himself again.  So I hadn't been paying much
> > attention myself.  Was there anything left to discuss?
>
> Previously I marked the patch as RfC. Although it's been a few months
> ago and I don't recall all the details, it should have been in good
> shape (in my personal opinion at least). The commits a9e9a9f and
> 0873b2d Michael referred to are message refactorings so I doubt Jacob
> had serious problems with them.
>
> Of course, I'll take another fresh look and let you know my findings in a bit.

The code is well written, documented and test-covered. All the tests
pass. To my knowledge there are no open questions left. I think the
patch is as good as it will ever get.

-- 
Best regards,
Aleksander Alekseev



Commits

  1. libpq: Add sslcertmode option to control client certificates

  2. Rewrite error message related to sslmode in libpq

  3. libpq: Add support for require_auth to control authorized auth methods

  4. Run pgindent on libpq's fe-auth.c, fe-auth-scram.c and fe-connect.c