Requested tweaks to channel binding

brianc · Jan 14, 2025 · a338521 · a338521
1 parent 65e1c72
commit a338521
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/packages/pg/lib/client.js b/packages/pg/lib/client.js
@@ -20,7 +20,7 @@ class Client extends EventEmitter {
     this.database = this.connectionParameters.database
     this.port = this.connectionParameters.port
     this.host = this.connectionParameters.host
-    this.enableChannelBinding = true
+    this.enableChannelBinding = false  // set true to use SCRAM-SHA-256-PLUS when offered
 
     // "hiding" the password so it doesn't show up in stack traces
     // or if the client is console.logged

diff --git a/packages/pg/lib/crypto/sasl.js b/packages/pg/lib/crypto/sasl.js
@@ -1,6 +1,7 @@
 'use strict'
 const crypto = require('./utils')
-const tls = require('tls');
+const tls = require('tls')
+const x509 = require('@peculiar/x509')
 
 function startSession(mechanisms, stream) {
   const candidates = ['SCRAM-SHA-256']
@@ -65,7 +66,6 @@ async function continueSession(session, password, serverData, stream) {
   // override if channel binding is in use:
   if (session.mechanism === 'SCRAM-SHA-256-PLUS') {
     const peerCert = stream.getPeerCertificate().raw
-    const x509 = await import('@peculiar/x509')
     const parsedCert = new x509.X509Certificate(peerCert)
     const sigAlgo = parsedCert.signatureAlgorithm
     if (!sigAlgo) {

diff --git a/packages/pg/package.json b/packages/pg/package.json
@@ -20,7 +20,7 @@
   "author": "Brian Carlson <[email protected]>",
   "main": "./lib",
   "dependencies": {
-    "@peculiar/x509": "^1.12.3",
+    "@peculiar/x509": "1.12.3",
     "pg-connection-string": "^2.7.0",
     "pg-pool": "^3.7.0",
     "pg-protocol": "^1.7.0",