Re: pgsql: Update ssl test certificates and keys

On Fri, Jan 4, 2019 at 3:36 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 23/12/2018 09:04, Michael Paquier wrote:
> > On Tue, Nov 27, 2018 at 02:21:39PM +0000, Peter Eisentraut wrote:
> >> Update ssl test certificates and keys
> >>
> >> Debian testing and newer now require that RSA and DHE keys are at
> >> least 2048 bit long and no longer allow SHA-1 for signatures in
> >> certificates. This is currently causing the ssl tests to fail there
> >> because the test certificates and keys have been created in violation
> >> of those conditions.
> >>
> >> Update the parameters to create the test files and create a new set of
> >> test files.
> >
> > Peter, would it make sense to back-patch this commit down to where the
> > SSL tests have been introduced? If /etc/ssl/ is not correctly
> > configured, this results in failures across branches on Debian if the
> > default is used.
>
> done

Thanks. FWIW I've just updated eelpout (a Debian testing BF animal
that runs all the extra tests including SSL) to use libssl-dev
(instead of libssl1.0-dev), and cleared its accache files. Let's see
if that works...

--
Thomas Munro
http://www.enterprisedb.com