On 11/24/2016 08:46 AM, Michael Paquier wrote:
On Sat, Nov 12, 2016 at 3:42 AM, Andreas Karlsson <andr...@proxel.se> wrote:
On 11/11/2016 07:40 PM, Andreas Karlsson wrote:
Here is a new version of the patch with the only differences;
1) The SSL tests have been changed to use reload rather than restart
Did you check if the tests pass? I am getting a couple of failures
like this one:
psql: server certificate for "common-name.pg-ssltest.test" does not
match host name "127.0.0.1"
not ok 11 - sslrootcert=ssl/root+server_ca.crt sslmode=verify-full
Attached are the logs of the run I did, and the same behavior shows
for macOS and Linux. The shape of the tests look correct to me after
review. Still, seeing failing tests with sslmode=verify-full is a
problem that needs to be addressed. This may be pointing to an
incorrect CA load handling, though I could not spot a problem when
going through the code.
Thanks for finding this. I will look at this more once I get home, but
the tests do not fail on my computer. I wonder what I do differently.
What versions of Perl and OpenSSL do you run and how did you run the
tests when the failed? I ran the tests by running "make check" inside
"src/test/ssl".
Andreas
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
