Re: pgsql: Update ssl test certificates and keys

From: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: pgsql: Update ssl test certificates and keys
Date: 2019-01-15 21:37:35
Message-ID: CAEepm=06ignjgTz6utY1WmSJ_num_qfuiJFUQy1g9eyA5Lexiw@mail.gmail.com
Lists: pgsql-committers pgsql-hackers

On Fri, Jan 4, 2019 at 10:08 AM Thomas Munro
<thomas(dot)munro(at)enterprisedb(dot)com> wrote:
> On Fri, Jan 4, 2019 at 3:36 AM Peter Eisentraut
> <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> > On 23/12/2018 09:04, Michael Paquier wrote:
> > > On Tue, Nov 27, 2018 at 02:21:39PM +0000, Peter Eisentraut wrote:
> > >> Update ssl test certificates and keys
> > >>
> > >> Debian testing and newer now require that RSA and DHE keys are at
> > >> least 2048 bit long and no longer allow SHA-1 for signatures in
> > >> certificates. This is currently causing the ssl tests to fail there
> > >> because the test certificates and keys have been created in violation
> > >> of those conditions.
> > >>
> > >> Update the parameters to create the test files and create a new set of
> > >> test files.
> > >
> > > Peter, would it make sense to back-patch this commit down to where the
> > > SSL tests have been introduced? If /etc/ssl/ is not correctly
> > > configured, this results in failures across branches on Debian if the
> > > default is used.
> >
> > done
>
> Thanks. FWIW I've just updated eelpout (a Debian testing BF animal
> that runs all the extra tests including SSL) to use libssl-dev
> (instead of libssl1.0-dev), and cleared its accache files. Let's see
> if that works...

Since that upgrade (to libssl 1.1.1a-1), there have been a few
intermittent failures in the SSL tests on that animal (thanks Tom for
pointing that out off-list). In a quick check, I was able to
reproduce the failure after about 8 successful runs of "make check"
under src/test/ssl on that machine. I couldn't immediately see what
the problem was and I'm away from computers and work this week, so
I'll have to investigate properly early next week. The main unusual
thing about that animal is that it's an ARM CPU. FWIW I run that test
by having this in build-farm.conf (I mention this in case someone
wants to do the same on a Debian buster/testing x86 system to see if
it has a similar problem, if there isn't one like that already):

$ENV{PG_TEST_EXTRA} = "ssl ldap kerberos";

--
Thomas Munro
http://www.enterprisedb.com
