Home > mailing lists

Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 - Mailing list pgsql-bugs

From	Jacob Champion
Subject	Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
Date	June 21, 2022 23:07:42
Msg-id	CAAWbhmiTjZnFVLPrVprCmV7HQcG+r3cJqj2zP80sfLNkCsCROg@mail.gmail.com Whole thread Raw
In response to	Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 (Jacob Champion <jchampion@timescale.com>)
Responses	Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 (Jacob Champion <jchampion@timescale.com>)
List	pgsql-bugs

Tree view

On Tue, Jun 21, 2022 at 1:34 PM Jacob Champion <jchampion@timescale.com> wrote:
> Is LibreSSL just less liberal in what it'll send via SNI?

Looks like it; I can reproduce with a local build against LibreSSL. On
the one hand it seems like there might be a case for improving the
guards around our call to SSL_set_tlsext_host_name(), but that seems
like overkill for fixing this test -- we can just disable SNI.
Attached is a patch which does that.

There is also a question of why LibreSSL doesn't do the same for the
IPv6 CIDR test. Should we proactively disable SNI for both of them?

--Jacob

Attachment

0001-test-ssl-fix-invalid-hostname-test-for-LibreSSL.patch

pgsql-bugs by date:

From: Jacob Champion
Date: 21 June 2022, 21:34:05
Subject: Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1

From: Jacob Champion
Date: 21 June 2022, 23:15:05
Subject: Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1

Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 - Mailing list pgsql-bugs

Attachment

Previous

Next