On Thu, Feb 22, 2018 at 08:34:30AM -0500, Peter Eisentraut wrote: > I noticed that a couple of test cases in the SSL tests fail to connect > not for the reason that the tests think they should. Here is a patch to > augment the test setup so that a test for connection rejection also > checks that we get the expected error message.
+1 for the idea. And good catches. One of the tests is failing: t/001_ssltests.pl .. 1/62 # Failed test 'certificate authorization fails with revoked client cert: matches' # at /home/XXXX/git/postgres/src/test/ssl/../../../src/test/perl/TestLib.pm line 354. # 'psql: private key file "ssl/client-revoked.key" has group or world access; permissions should be u=rw (0600) or less # ' # doesn't match '(?^:SSL error)' # Looks like you failed 1 test of 62. t/001_ssltests.pl .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/62 subtests This comes from libpq itself, and the tree uses 0644 on this file. You just need to update this test so as ssl/client-revoked_tmp.key is used instead of ssl/client-revoked.key, and then the tests pass. -- Michael
Description: PGP signature