On Mon, Nov 26, 2018 at 6:56 AM Tom Lane <t...@sss.pgh.pa.us> wrote: > Thomas Munro <thomas.mu...@enterprisedb.com> writes: > > Fix pushed. > > By way of penance, I have now configured PG_TEST_EXTRA="ssl ldap > > kerberos" for my build farm animals elver and eelpout. elver should > > pass at the next build, as I just tested it with --nosend, but eelpout > > is so slow I'll just take my chances see if that works. > > Nope :-(. Looks like something about key length ... probably just > misconfiguration?
It seems that we have keys in our tree that are unacceptable to OpenSSL 1.1.1 as shipped in Debian buster: 2018-11-25 20:32:22.519 UTC [26882] FATAL: could not load server certificate file "server-cn-only.crt": ee key too small That's what you get if you use the libssl-dev package (1.1.1a-1), but you can still install libssl1.0-dev (which uninstalls 1.1's dev package). I've done that and it the ssl test passes on that machine, so fingers crossed for the next build farm run. I see now that Michael already wrote about this recently[1], but that thread hasn't yet reached a conclusion. [1] https://www.postgresql.org/message-id/flat/20180917131340.GE31460%40paquier.xyz -- Thomas Munro http://www.enterprisedb.com