Re: Out-of-tree certificate interferes ssltest
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Kyotaro Horiguchi <horikyota.ntt@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2022-03-17T07:22:14Z
Lists: pgsql-hackers
Attachments
- ssltest-tap-2.patch (text/x-diff) patch
On Thu, Mar 17, 2022 at 02:59:26PM +0900, Michael Paquier wrote: > In both cases, enforcing sslcrl to a value of "invalid" interferes > with the failure scenario we expect from sslcrldir. It is possible to > bypass that with something like the attached, but that's a kind of > ugly hack. Another alternative would be to drop those two tests, and > I am not sure how much we care about these two negative scenarios. Actually, there is a trick I have recalled here: we can enforce sslcrl to an empty value in the connection string after the default. This still ensures that the test won't pick up any SSL data from the local environment and avoids any interferences of OpenSSL's X509_STORE_load_locations(). This gives a much simpler and cleaner patch. Thoughts? -- Michael
Commits
-
Fix failures in SSL tests caused by out-of-tree keys and certificates
- 8138bd4a567e 10.21 landed
- 635abe6cd4d5 11.16 landed
- 199ca68c9245 12.11 landed
- f32be9938ca4 13.7 landed
- fdb1be4962ca 14.3 landed
- 9ca234bae793 15.0 landed