On 3/25/20 7:44 PM, Tom Lane wrote: > I wrote: >> Concretely, I see that contrib/sslinfo has >> SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS)) > I verified that that fixes things on macOS and pushed it, along with > a couple other minor fixes.
Thanks. > > However, I'm quite desperately unhappy that the new test module > does this: > > $node->append_conf('postgresql.conf', "listen_addresses = 'localhost'"); > > That's opening a security hole. Note that we do *not* run src/test/ssl > by default, and it has a README warning people not to run it on multiuser > systems. It seems 100% unacceptable for this test to fire up a similarly > insecure server without so much as a by-your-leave. > > I don't actually see why we need the localhost port at all --- it doesn't > look like this test ever attempts to connect to the server. So couldn't > we just drop that? > > Seems reasonable. I just tested that and it seems quite happy, so I'll make the change. cheers andrew -- Andrew Dunstan https://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services