| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Improve error matching patterns in the SSL tests |
| Date: | 2021-04-01 02:59:15 |
| Message-ID: | YGU3AxQh0zBMMW8m@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
It has been mentioned twice for the last couple of days that some of
the SSL tests are not really picky with what they check, which can be
annoying when it comes to the testing of other SSL implementations as
we cannot really be sure if an error tells more than "SSL error":
https://www.postgresql.org/message-id/20210330151507.GA9536@alvherre.pgsql
https://www.postgresql.org/message-id/e0f0484a1815b26bb99ef9ddc7a110dfd6425931.camel@vmware.com
Please find attached a patch to tighten a bit all that. The errors
produced by OpenSSL down to 1.0.1 are the same. I have noticed one
extra place where we just check for a FATAL, where the trust
authentication failed after a CN mismatch.
Thoughts?
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| ssl-test-tighten.patch | text/x-diff | 4.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2021-04-01 03:06:29 | Re: making update/delete of inheritance trees scale better |
| Previous Message | Thomas Munro | 2021-04-01 02:56:43 | Re: Crash in BRIN minmax-multi indexes |