Re: BUG #17760: SCRAM authentication fails with "modern" (rsassaPss signature) server certificate

Gunnar "Nick" Bluth <gunnar.bluth@pro-open.de>

From: "Gunnar \"Nick\" Bluth" <gunnar.bluth@pro-open.de>
To: pgsql-bugs@lists.postgresql.org
Date: 2023-01-31T12:27:59Z
Lists: pgsql-bugs
Am 25.01.23 um 12:32 schrieb PG Bug reporting form:

> I have to say that I'm not all too deep into crypto stuff. I couldn't even
> tell how to create one such certificate, let alone what that PSS stuff is
> all about ;-/
> 
> Maybe this is even fixed with recent OpenSSL versions (client has 1.1.1f,
> Ubuntu 20.04)? Though that line was introduced in 2010...
> 
> I do think however that this is an oversight on our side and has to be
> addressed. If not in code, the docs should point out that certain server
> certificate types (PSS) may not work with SCRAM auth (or libpq needs to be
> compiled against a minimum version of OpenSSL, if that's the root cause).

Nobody willing to enlighten me on this one? :(

-- 
Gunnar "Nick" Bluth

Eimermacherweg 106
D-48159 Münster

Mobil +49 172 8853339
Email: gunnar.bluth@pro-open.de
__________________________________________________________________________
"Ceterum censeo SystemD esse delendam" - Cato

Commits

  1. Fix handling of SCRAM-SHA-256's channel binding with RSA-PSS certificates