Refactor channel binding code to fetch cbind_data only when necessary

As things stand now, channel binding data is fetched from OpenSSL and saved into the SCRAM exchange context for any SSL connection attempted for a SCRAM authentication, resulting in data fetched but not used if no channel binding is used or if a different channel binding type is used than what the data is here for.

Refactor the code in such a way that binding data is fetched from the SSL stack only when a specific channel binding is used for both the frontend and the backend. In order to achieve that, save the libpq connection context directly in the SCRAM exchange state, and add a dependency to SSL in the low-level SCRAM routines. This makes the interface in charge of initializing the SCRAM context cleaner as all its data comes from either PGconn* (for frontend) or Port* (for the backend).

Author: Michael Paquier <michael.paqu...@gmail.com>

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/f3049a603a7950f313b33ab214f11563c66dc069

Modified Files
--------------
src/backend/libpq/auth-scram.c       |  33 +++-----
src/backend/libpq/auth.c             |  19 +----
src/include/libpq/scram.h            |   6 +-
src/interfaces/libpq/fe-auth-scram.c | 159 +++++++++++++++++------------------
src/interfaces/libpq/fe-auth.c       |  27 +-----
src/interfaces/libpq/fe-auth.h       |  10 +--
6 files changed, 102 insertions(+), 152 deletions(-)