Thread

Commits

  1. Use more verbose matching patterns for errors in SSL TAP tests

  1. Improve error matching patterns in the SSL tests

    Michael Paquier <michael@paquier.xyz> — 2021-04-01T02:59:15Z

    Hi all,
    
    It has been mentioned twice for the last couple of days that some of
    the SSL tests are not really picky with what they check, which can be
    annoying when it comes to the testing of other SSL implementations as
    we cannot really be sure if an error tells more than "SSL error":
    https://www.postgresql.org/message-id/20210330151507.GA9536@alvherre.pgsql
    https://www.postgresql.org/message-id/e0f0484a1815b26bb99ef9ddc7a110dfd6425931.camel@vmware.com
    
    Please find attached a patch to tighten a bit all that.  The errors
    produced by OpenSSL down to 1.0.1 are the same.  I have noticed one
    extra place where we just check for a FATAL, where the trust
    authentication failed after a CN mismatch.
    
    Thoughts?
    --
    Michael
    
  2. Re: Improve error matching patterns in the SSL tests

    Michael Paquier <michael@paquier.xyz> — 2021-04-05T01:36:01Z

    On Thu, Apr 01, 2021 at 11:59:15AM +0900, Michael Paquier wrote:
    > Please find attached a patch to tighten a bit all that.  The errors
    > produced by OpenSSL down to 1.0.1 are the same.  I have noticed one
    > extra place where we just check for a FATAL, where the trust
    > authentication failed after a CN mismatch.
    
    Sorry for the late reply here.  This has been applied as of 8d3a4c3.
    --
    Michael