Thomas Munro <thomas.munro@gmail.com> writes:
> If you run the not-yet-enabled-by-default OpenBSD CI task on master,
> ssl/001_ssltests fails in "intermediate client certificate is
> untrusted", recently uncommented by commit e0f373ee.

Yeah, I see that too. But I also see three failures in 002_scram.pl,
which presumably were there before e0f373ee. (Tested on OpenBSD 7.6
and 7.7.) The buildfarm's OpenBSD animals haven't caught this
because they don't run this test suite :-(. Yes they build with
--with-openssl, but one of them lacks --enable-tap-tests and the
other two aren't filling PG_TEST_EXTRA.

The SCRAM failures are a bit discouraging ...

[18:16:33.259](0.565s) not ok 26 - SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'
[18:16:33.261](0.002s)
[18:16:33.261](0.000s) # Failed test 'SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss''
# at t/002_scram.pl line 161.
[18:16:33.262](0.001s) # got: '2'
# expected: '0'
[18:16:33.264](0.002s) not ok 27 - SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': no stderr
[18:16:33.265](0.001s)
[18:16:33.265](0.000s) # Failed test 'SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': no stderr'
# at t/002_scram.pl line 161.
[18:16:33.266](0.001s) # got: 'psql: error: connection to server at "127.0.0.1", port 10442 failed: SSL error: sslv3 alert handshake failure'
# expected: ''
[18:16:33.268](0.002s) not ok 28 - SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': log matches
[18:16:33.269](0.001s)
[18:16:33.269](0.000s) # Failed test 'SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss': log matches'
# at /home/tgl/pgsql/src/test/ssl/../../../src/test/perl/PostgreSQL/Test/Cluster.pm line 2607.
[18:16:33.270](0.001s) # '2025-05-05 18:16:33.222 EDT [71478] [unknown] LOG: connection received: host=localhost port=42632
# 2025-05-05 18:16:33.244 EDT [71478] [unknown] LOG: could not accept SSL connection: missing rsa certificate
# '
# doesn't match '(?^:connection authenticated: identity="ssltestuser" method=scram-sha-256)'

regards, tom lane