Quick Links

Re: disabled SSL log_like tests

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Thomas Munro <thomas(dot)munro(at)gmail(dot)com>
Cc:	Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>
Subject:	Re: disabled SSL log_like tests
Date:	2025-05-05 22:45:24
Message-ID:	3058990.1746485124@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Thomas Munro <thomas(dot)munro(at)gmail(dot)com> writes:
> If you run the not-yet-enabled-by-default OpenBSD CI task on master,
> ssl/001_ssltests fails in "intermediate client certificate is
> untrusted", recently uncommented by commit e0f373ee.

Yeah, I see that too. But I also see three failures in 002_scram.pl,
which presumably were there before e0f373ee. (Tested on OpenBSD 7.6
and 7.7.) The buildfarm's OpenBSD animals haven't caught this
because they don't run this test suite :-(. Yes they build with
--with-openssl, but one of them lacks --enable-tap-tests and the
other two aren't filling PG_TEST_EXTRA.

The SCRAM failures are a bit discouraging ...

[18:16:33.259](0.565s) not ok 26 - SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'
[18:16:33.261](0.002s)
[18:16:33.261](0.000s) # Failed test 'SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss''
# at t/002_scram.pl line 161.
[18:16:33.262](0.001s) # got: '2'
# expected: '0'
[18:16:33.264](0.002s) not ok 27 - SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': no stderr
[18:16:33.265](0.001s)
[18:16:33.265](0.000s) # Failed test 'SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': no stderr'
# at t/002_scram.pl line 161.
[18:16:33.266](0.001s) # got: 'psql: error: connection to server at "127.0.0.1", port 10442 failed: SSL error: sslv3 alert handshake failure'
# expected: ''
[18:16:33.268](0.002s) not ok 28 - SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': log matches
[18:16:33.269](0.001s)
[18:16:33.269](0.000s) # Failed test 'SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': log matches'
# at /home/tgl/pgsql/src/test/ssl/../../../src/test/perl/PostgreSQL/Test/Cluster.pm line 2607.
[18:16:33.270](0.001s) # '2025-05-05 18:16:33.222 EDT [71478] [unknown] LOG: connection received: host=localhost port=42632
# 2025-05-05 18:16:33.244 EDT [71478] [unknown] LOG: could not accept SSL connection: missing rsa certificate
# '
# doesn't match '(?^:connection authenticated: identity="ssltestuser" method=scram-sha-256)'

regards, tom lane

In response to

Re: disabled SSL log_like tests at 2025-05-05 19:39:09 from Thomas Munro

Responses

Re: disabled SSL log_like tests at 2025-05-07 01:18:11 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Jacob Champion	2025-05-05 23:06:34	[PATCH] Fix hostaddr crash during non-blocking cancellation
Previous Message	Dagfinn Ilmari Mannsåker	2025-05-05 21:37:51	Re: RFC: Command Restrictions by INI file with Audit Logging (DROP/TRUNCATE/DELETE)