Re: BUG #17760: SCRAM authentication fails with "modern" (rsassaPss signature) server certificate

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Jacob Champion <jchampion@timescale.com>
Cc: Gunnar Nick Bluth <gunnar.bluth@pro-open.de>, Heikki Linnakangas <hlinnaka@iki.fi>, pgsql-bugs@lists.postgresql.org
Date: 2023-02-15T01:22:54Z
Lists: pgsql-bugs
On Mon, Feb 13, 2023 at 09:44:03AM -0800, Jacob Champion wrote:
> LGTM too, thanks Michael! I tested against LibreSSL 3.5.3 to
> double-check the fallback.

Thanks for checking with this one, I don't have LibreSSL in my
environment, at least not now.  Perhaps I should..  So, I have spent a
couple of hours on that, and backpatched the fix down to 11.  There
were different conflicts for each branch.

The new tests have been added in 15~, where the generation of the cert
and key files is more straight-forward than ~14.  Actually, make
sslfiles fails on these branches when using OpenSSL 1.1.1~.  Perhaps
that may be worth addressing, but the existing tests pass anyway when
relying on X509_get_signature_info(), as much as they pass with older
versions of OpenSSL.  I have done some manual checks with RSA-PSS
certs and keys to make sure that channel binding works correctly for
these versions (one can just reuse the ones generated on HEAD or
REL_15_STABLE in src/test/ssl/ for that).
--
Michael

Commits

  1. Fix handling of SCRAM-SHA-256's channel binding with RSA-PSS certificates