Re: disabled SSL log_like tests
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Thomas Munro <thomas.munro@gmail.com>,
Andrew Dunstan <andrew@dunslane.net>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Jacob Champion <jacob.champion@enterprisedb.com>
Date: 2025-05-08T20:24:31Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
> On 8 May 2025, at 15:49, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I was feeling itchy about having two copies of code that looks none
>> too set-in-stone. Maybe we should just do that. Any preferences
>> on the API?
> There is already SSL::Server::ssl_library() which returns the underlying
> library, but it's not smart enough to differentiate between which flavour of
> OpenSSL compatible library is being used (OpenSSL, Libressl, BoringSSL etc) as
> it's only returning a hardcoded string as of now. My plan was to expand that
> at some point.
Hm. There is this bit in 001_ssltests.pl:
my $result = $node->safe_psql('postgres', "SHOW ssl_library");
is($result, $ssl_server->ssl_library(), 'ssl_library parameter');
which would break. Admittedly that's not a very exciting test,
so I wouldn't feel bad about dropping it, but maybe someone else
would.
Also, it seems like ssl_library is mainly intended to distinguish
which "backend" module is in use, so having the one string "OpenSSL"
seems to match up with the one backend "OpenSSL.pm". What we're
talking about here feels like a finer subdivision. I'm not quite
sure how it ought to fit into that "backend" structure.
We could deal with the RSA-PSS issue pretty cleanly by inventing a
backend method "supports_rsa_pss", but the other thing we're trying
to hack around doesn't seem like it has such a clean definition.
regards, tom lane
Commits
-
Skip RSA-PSS ssl test when using LibreSSL.
- cad781b3e5de 16.10 landed
- 95129709fd9b 18.0 landed
- 793aa989f8e4 15.14 landed
- 3007fee7f292 17.6 landed
-
Ooops ... add required configure support.
- 00811a96ac45 15.14 landed
-
Hack one ssl test case to pass with current LibreSSL.
- 75d73331d014 18.0 landed
-
Centralize ssl tests' check for whether we're using LibreSSL.
- 976a8c2170f1 17.6 landed
- 27fbf7cb6391 16.10 landed
- 1ddb9e14eadf 15.14 landed
- 0aaf69965dbd 18.0 landed
-
Re-enable SSL connect_fails tests, and fix related race conditions.
- e0f373ee42a4 18.0 landed
-
Disable unstable test cases in src/test/ssl/t/001_ssltests.pl.
- 55828a6b6084 16.0 cited