From: | Jacob Champion <jchampion(at)timescale(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, peter(dot)eisentraut(at)enterprisedb(dot)com, Michael Paquier <michael(at)paquier(dot)xyz>, byavuz81(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 |
Date: | 2022-06-22 16:28:56 |
Message-ID: | CAAWbhmjdPS7A76gUXVPis8Zhmztk3c3Gbe94bUyqK-Qu=0utMA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Wed, Jun 22, 2022 at 9:16 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Jacob Champion <jchampion(at)timescale(dot)com> writes:
>
> > That's certainly an option. Do you think it's still early enough in
> > the cycle to make that change for 15?
>
> Why not? We're still in beta, and pretty early at that.
Mostly just that the test failure isn't new behavior in 15, and a user
would only see that if they deliberately shoved nonsense into the host
while built against LibreSSL -- in which case they could also disable
SNI to move forward. Moving from lax to strict validation means plenty
of IETF spec reading to make sure we don't throw away useful hostnames
by accident. But I really don't have a strong opinion here, if I'm
honest.
--Jacob
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2022-06-22 16:31:45 | Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 |
Previous Message | Nathan Bossart | 2022-06-22 16:25:50 | Re: Extension pg_trgm, permissions and pg_dump order |