| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Enhance libpq encryption negotiation tests with new GUC |
| Date: | 2024-04-07 23:50:08 |
| Message-ID: | E1rtcH1-0012Sl-IJ@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Enhance libpq encryption negotiation tests with new GUC
The new "log_connection_negotiation" server option causes the server
to print messages to the log when it receives a SSLRequest or
GSSENCRequest packet from the client. Together with "log_connections",
it gives a trace of how a connection and encryption is
negotiatated. Use the option in the libpq_encryption test, to verify
in more detail how libpq negotiates encryption with different
gssencmode and sslmode options.
This revealed a couple of cases where libpq retries encryption or
authentication, when it should already know that it cannot succeed. I
marked them with XXX comments in the test tables. They only happen
when the connection was going to fail anyway, and only with rare
combinations of options, so they're not serious.
Discussion: https://www.postgresql.org/message-id/CAEze2Wja8VUoZygCepwUeiCrWa4jP316k0mvJrOW4PFmWP0Tcw@mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/705843d294d5d3bc5cce4001596df4df5f1c8b59
Modified Files
--------------
src/backend/tcop/backend_startup.c | 23 ++
src/backend/utils/misc/guc_tables.c | 11 +
.../libpq_encryption/t/001_negotiate_encryption.pl | 380 ++++++++++++---------
3 files changed, 255 insertions(+), 159 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2024-04-08 00:48:00 | pgsql: injection_points: Introduce runtime conditions |
| Previous Message | Michael Paquier | 2024-04-07 23:46:05 | pgsql: Make GIN test using injection points repeatable |