Re: BUG #17760: SCRAM authentication fails with "modern" (rsassaPss signature) server certificate
Gunnar "Nick" Bluth <gunnar.bluth@pro-open.de>
From: "Gunnar \"Nick\" Bluth" <gunnar.bluth@pro-open.de>
To: pgsql-bugs@lists.postgresql.org
Date: 2023-01-31T12:27:59Z
Lists: pgsql-bugs
Am 25.01.23 um 12:32 schrieb PG Bug reporting form: > I have to say that I'm not all too deep into crypto stuff. I couldn't even > tell how to create one such certificate, let alone what that PSS stuff is > all about ;-/ > > Maybe this is even fixed with recent OpenSSL versions (client has 1.1.1f, > Ubuntu 20.04)? Though that line was introduced in 2010... > > I do think however that this is an oversight on our side and has to be > addressed. If not in code, the docs should point out that certain server > certificate types (PSS) may not work with SCRAM auth (or libpq needs to be > compiled against a minimum version of OpenSSL, if that's the root cause). Nobody willing to enlighten me on this one? :( -- Gunnar "Nick" Bluth Eimermacherweg 106 D-48159 Münster Mobil +49 172 8853339 Email: gunnar.bluth@pro-open.de __________________________________________________________________________ "Ceterum censeo SystemD esse delendam" - Cato
Commits
-
Fix handling of SCRAM-SHA-256's channel binding with RSA-PSS certificates
- 88d606f7cc68 11.20 landed
- a40e7b75e689 12.15 landed
- 2eb8e54cc373 13.11 landed
- 864f80feadea 14.8 landed
- 5fd61055eacf 15.3 landed
- 9244c11afe23 16.0 landed