On Thu, Mar 23, 2023 at 03:40:55PM -0700, Jacob Champion wrote:
> On Tue, Mar 21, 2023 at 11:01 PM Michael Paquier <michael@paquier.xyz> wrote:
>> contrib/sslinfo/ has ssl_client_cert_present(), that we could use in
>> the tests to make sure that the client has actually sent a
>> certificate? How about adding some of these tests to 003_sslinfo.pl
>> for the "allow" and "require" cases?
>
> Added; see what you think.
That's a pretty good test design, covering all 4 cases. Nice.
>> freePGconn() is missing a free(sslcertmode).
>
> Argh, I keep forgetting that. Fixed, thanks!
I have spent a couple of hours looking at the whole again today,
testing that with OpenSSL to make sure that everything was OK. Apart
from a few tweaks, that seemed pretty good. So, applied.
--
Michael