> On 12 Apr 2023, at 21:43, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
>
> On 12.04.23 18:54, Jacob Champion wrote:
>> Peter, you should have a .../etc/openssl@3/certs directory somewhere
>> in your Homebrew installation prefix -- do you, or has Homebrew
>> removed it by mistake?
>
> I don't have that, but I don't have it for openssl@1.1 either.
The important bit is that your OPENSSLDIR points to a directory which has the
content OpenSSL needs.
> I have
>
> ~$ ll /usr/local/etc/openssl@3
> total 76
> drwxr-xr-x 7 peter admin 224 2023-03-08 08:49 misc/
> lrwxr-xr-x 1 peter admin 27 2023-03-21 13:41 cert.pem -> ../ca-certificates/cert.pem
> -rw-r--r-- 1 peter admin 412 2023-03-21 13:41 ct_log_list.cnf
> -rw-r--r-- 1 peter admin 412 2023-03-21 13:41 ct_log_list.cnf.dist
> -rw-r--r-- 1 peter admin 351 2023-03-08 08:57 fipsmodule.cnf
> -rw-r--r-- 1 peter admin 12386 2023-03-13 10:49 openssl.cnf
> -rw-r--r-- 1 peter admin 12292 2023-03-21 13:41 openssl.cnf.default
> -rw-r--r-- 1 peter admin 12292 2023-03-08 08:49 openssl.cnf.dist
> -rw-r--r-- 1 peter admin 12292 2023-03-21 13:41 openssl.cnf.dist.default
Assuming that's your OPENSSLDIR, then that looks like it should (it's precisely
what I have).
Just to further rule out any issues in the installation, If you run the command
from upthread, does that properly verify postgresql.org?
echo Q | <path to>openssl@3/bin/openssl s_client -connect postgresql.org:443 -verify_return_error
Is the failure repeatable enough that you might be able to tease something out
of the log? I've been trying again today but been unable to reproduce this =(
We don't have great coverage of macOS in the buildfarm sadly, I wonder if can
get sifaka to run the SSL tests if we ask nicely?
--
Daniel Gustafsson
