On Wed, Jan 11, 2023 at 10:23 AM Magnus Hagander <magnus@hagander.net> wrote: > Sorry to jump in (very) late in this game. So first, I like this general approach :)
Thanks!
> It feels icky to have to add configure tests just to make a test work. But I guess there isn't really a way around that if we want to test the full thing.
I agree...
> However, shouldn't we be using X509_get_default_cert_file_env() to get the name of the env? Granted it's unlikely to be anything else, but if it's an API you're supposed to use. (In an ideal world that function would not return anything in LibreSSL but I think it does include something, and then just ignores it?)
I think you're right, but before I do that, is the cure better than the disease? It seems like that would further complicate a part of the Perl tests that is already unnecessarily complicated. (The Postgres code doesn't use the envvar at all.) Unless you already know of an OpenSSL-alike that doesn't use that same envvar name?
Fair point. No, I have not run into one, I just recalled having seen the API :)
And you're right -- I didn't consider that we were looking at that one in the *perl* code, not the C code. In the C code it would've been a trivial replacement. In the perl, I agree it's not worth it -- at least not until we run into a platform where it *would' matter.