From ccea44becd0285a11969fe07bf71a4fe4dd0dfc8 Mon Sep 17 00:00:00 2001
From: Conrad Ludgate
Date: Tue, 8 Jul 2025 17:11:30 +0100
Subject: [PATCH] disable channel binding
---
 proxy/src/proxy/tests/mod.rs | 5 +++--
 proxy/src/tls/server_config.rs | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/proxy/src/proxy/tests/mod.rs b/proxy/src/proxy/tests/mod.rs
index 46b9d1e5aa..2d4ebee917 100644
--- a/proxy/src/proxy/tests/mod.rs
+++ b/proxy/src/proxy/tests/mod.rs
@@ -1,7 +1,8 @@
 //! A group of high-level tests for connection establishing logic and auth.
 #![allow(clippy::unimplemented)]
-mod mitm;
+// disabled as we removed support for channel binding.
+// mod mitm;
 use std::sync::Arc;
 use std::time::Duration;
@@ -296,7 +297,7 @@ async fn scram_auth_good(#[case] password: &str) -> anyhow::Result<()> {
 ));
 let _conn = postgres_client::Config::new("test".to_owned(), 5432)
- .channel_binding(postgres_client::config::ChannelBinding::Require)
+ .channel_binding(postgres_client::config::ChannelBinding::Disable)
 .user("user")
 .dbname("db")
 .password(password)
diff --git a/proxy/src/tls/server_config.rs b/proxy/src/tls/server_config.rs
index 954c5797e1..f466573fbd 100644
--- a/proxy/src/tls/server_config.rs
+++ b/proxy/src/tls/server_config.rs
@@ -188,7 +188,8 @@ fn process_key_cert(
 let key = sign::any_supported_type(&priv_key).context("invalid private key")?;
 let first_cert = &cert_chain[0];
- let tls_server_end_point = TlsServerEndPoint::new(first_cert)?;
+ // let tls_server_end_point = TlsServerEndPoint::new(first_cert)?;
+ let tls_server_end_point = TlsServerEndPoint::Undefined;
 let certificate = SliceReader::new(first_cert)
 .context("Failed to parse cerficiate")?
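Review bot: Commenting out `mod mitm;` in the first hunk of tests/mod.rs stops that module from being compiled, and the second hunk moves `scram_auth_good` to `ChannelBinding::Disable`, so nothing visible in this patch still exercises a client that asks for channel binding. A client configured with `ChannelBinding::Require` will presumably now be unable to authenticate; a test that pins this as a clean authentication error, rather than a hang or a success without binding, would document the new behaviour. If the module is meant to return, the comment should carry the reason and a tracking reference, e.g. `// mod mitm; // TODO(<issue-id>): re-enable together with channel binding`, since commented-out modules stop compiling and rot unnoticed. The body of `scram_auth_good` starts and ends outside the hunk.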
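Review bot: Hard-coding `TlsServerEndPoint::Undefined` in `process_key_cert` removes the certificate-derived channel-binding data for every key/cert pair, with no switch and no explanation beyond a commented-out copy of the old line. The `tls-server-end-point` binding is what ties the SCRAM exchange to the server certificate, so without it a client has no way to notice a TLS-terminating intermediary. Clients that require binding will presumably be refused, and whether clients that only prefer it fall back silently depends on code outside this hunk. I would delete the commented line and record the reason and the condition for restoring it, e.g. `// Channel binding disabled (<reason / issue-id>); restore TlsServerEndPoint::new(first_cert)? when re-enabled.` If the change is temporary, a configuration flag that defaults to the previous behaviour would make the downgrade explicit and reversible. The function body starts and ends outside the hunk.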