Re: SSL regression test suite - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Re: SSL regression test suite
Msg-id 548056C1.6090007@vmware.com
In response to Re: SSL regression test suite  (Heikki Linnakangas <hlinnakangas@vmware.com>)
Responses Re: SSL regression test suite  (David Fetter <david@fetter.org>)
Re: SSL regression test suite  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: SSL regression test suite  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Re: SSL regression test suite  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
On 10/06/2014 04:21 PM, Heikki Linnakangas wrote:
> Here's a new version of the SSL regression suite I wrote earlier. It now
> specifies both host and hostaddr in the connection string as Andres
> suggested, so it no longer requires changes to network configuration. I
> added a bunch of tests for the SAN feature that Alexey Klyukin wrote and
> was committed earlier. Plus a lot of miscellaneous cleanup.

And here's another version. It now includes tests for CRLs, and uses a
root CA that's used to sign the server and client CA's certificates, to
test that using intermediary CAs works.

> This probably needs some further cleanup before it's ready for
> committing. One issue is that it creates a temporary cluster that
> listens for TCP connections on localhost, which isn't safe on a
> multi-user system.

This issue remains. There isn't much we can do about it; SSL doesn't
work over Unix domain sockets. We could make it work, but that's a whole
different feature.

How do people feel about including this test suite in the source tree?
It's probably not suitable for running as part of "make check-world",
but it's extremely handy if you're working on a patch related to SSL.
I'd like to commit this, even if it has some rough edges. That way we
can improve it later, rather than have it fall into oblivion. Any
objections?

- Heikki
