Re: [PATCH] test/ssl: rework the sslfiles Makefile target

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(at)dunslane(dot)net" <andrew(at)dunslane(dot)net>
Subject: Re: [PATCH] test/ssl: rework the sslfiles Makefile target
Date: 2021-07-27 22:24:36
Message-ID: 223071F9-618F-48AF-BE40-EFF76F5CE45F@yesql.se
Lists: pgsql-hackers

> On 4 Mar 2021, at 01:03, Jacob Champion <pchampion(at)vmware(dot)com> wrote:

> Andrew pointed out elsewhere [1] that it's pretty difficult to add new
> certificates to the test/ssl suite without blowing away the current
> state and starting over. I needed new cases for the NSS backend work,
> and ran into the same pain, so here is my attempt to improve the
> situation.

Thanks for working on this, I second the pain cited. I've just started to look
at this, so only a few comments thus far.

> The unused server-ss certificate has been removed entirely.

Nice catch, this seems to have been unused since the original import of the SSL
test suite. To cut down scope of the patch (even if only a small bit) I
propose to apply this separately first, as per the attached.

> - Serial number collisions are less likely, thanks to Andrew's idea to
> use the current clock time as the initial serial number in a series.

+my $serialno = `openssl x509 -serial -noout -in ssl/client.crt`;
+$serialno =~ s/^serial=//;
+$serialno = hex($serialno); # OpenSSL prints serial numbers in hexadecimal
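
Review bot: the backtick call on the first added line is used without any check, so if the openssl binary is not in PATH or exits non-zero, $serialno ends up empty or undefined and hex() silently yields 0. Test $? right after the call and verify that the output matches /^serial=[0-9A-Fa-f]+$/ before converting, failing or skipping with a clear message otherwise. The captured output also still carries its trailing newline when it reaches hex(), so chomp it first.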

Will that work on Windows? We don't currently require the openssl binary to be
in PATH unless one wants to rebuild sslfiles (which it is quite likely to be
but there should at least be error handling covering when it's not).

> - I am making _heavy_ use of GNU Make-isms, which does not improve
> long-term maintainability.

GNU Make is already a requirement, I don't see this shifting the needle in any
direction.

--
Daniel Gustafsson https://vmware.com/

Attachment Content-Type Size
ssl-remove-server-ss.patch application/octet-stream 5.6 KB
