From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Jacob Champion <jchampion(at)timescale(dot)com>, "Gregory Stark (as CFM)" <stark(dot)cfm(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, thomas(at)habets(dot)se, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Jelte Fennema <postgres(at)jeltef(dot)nl> |
Subject: | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
Date: | 2023-04-12 20:29:45 |
Message-ID: | 42F81A7E-15B9-496C-B9C1-0DE7200292D4@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On 12 Apr 2023, at 22:23, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> We don't have great coverage of macOS in the buildfarm sadly, I wonder if can
>> get sifaka to run the SSL tests if we ask nicely?
>
> I was just looking into that, but it seems like it'd be a mess.
>
> I have a modern openssl installation from MacPorts, but if
> I try to select that I am going to end up compiling with
> -I/opt/local/include -L/opt/local/lib, which exposes all of the
> metric buttload of stuff that MacPorts tends to pull in. sifaka
> is intended to test in a reasonably-default macOS environment,
> and that would be far from it.
That makes sense.
> Plausible alternatives include:
>
> 1. Hand-built private copy of openssl. longfin is set up that way,
> but I'm not really eager to duplicate that approach, especially if
> we want to test cutting-edge openssl.
>
> 2. Run a second BF animal that's intentionally pointed at the MacPorts
> environment, in hopes of testing what MacPorts users would see.
>
> #2 feels like it might not be a waste of cycles, and certainly that
> machine is underworked at the moment. Thoughts?
I think #2 would be a good addition. Most won't build OpenSSL themselves so
seeing builds from envs that are reasonable to expect in the wild is more
interesting.
--
Daniel Gustafsson
From | Date | Subject | |
---|---|---|---|
Next Message | Jacob Champion | 2023-04-12 20:52:35 | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
Previous Message | Tom Lane | 2023-04-12 20:23:05 | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |