Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Jacob Champion <jchampion@timescale.com>, Kyotaro Horiguchi <horikyota.ntt@gmail.com>, peter.eisentraut@enterprisedb.com, byavuz81@gmail.com, pgsql-bugs@lists.postgresql.org
Date: 2022-06-23T06:00:00Z
Lists: pgsql-bugs
On Wed, Jun 22, 2022 at 12:31:45PM -0400, Tom Lane wrote:
> Jacob Champion <jchampion@timescale.com> writes:
>> Moving from lax to strict validation means plenty
>> of IETF spec reading to make sure we don't throw away useful hostnames
>> by accident.
> 
> True.  I'd be content to disallow '/' and move on.

It does not seem like this is strictly forbidden, either.  This set of
rules would be RFC 1035, section 2.3, I guess:
https://datatracker.ietf.org/doc/html/rfc1035

> Or we could just drop this test case.

I'd be fine with that.  Disabling the SNI, as proposed upthread, would
also be fine.
--
Michael

Commits

  1. Remove unportable test