Re: disabled SSL log_like tests

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Thomas Munro <thomas.munro@gmail.com>, Andrew Dunstan <andrew@dunslane.net>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Jacob Champion <jacob.champion@enterprisedb.com>
Date: 2025-05-07T16:04:39Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
>> On 7 May 2025, at 06:34, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I couldn't help noticing that the backtraces went through
>> lib/libssl/tls13_legacy.c, which doesn't give a warm feeling
>> about how supported they think our usage is (and perhaps also
>> explains why they didn't detect this bug themselves).

> Since we no longer support 1.0.2 we can apply something like the (lightly
> tested) attached which should be a no-op as we already use TLS_method() but via
> an alias.

Yeah, I saw that SSLv23_method() was merely an alias for TLS_method()
in LibreSSL as well.  That means unfortunately that your proposal is
just cosmetic and doesn't get us out of using code that they're
calling "legacy".  I wonder what it would take to get to the "modern"
code paths.

			regards, tom lane



Commits

  1. Skip RSA-PSS ssl test when using LibreSSL.

  2. Ooops ... add required configure support.

  3. Hack one ssl test case to pass with current LibreSSL.

  4. Centralize ssl tests' check for whether we're using LibreSSL.

  5. Re-enable SSL connect_fails tests, and fix related race conditions.

  6. Disable unstable test cases in src/test/ssl/t/001_ssltests.pl.