Re: Proposal for implementing OCSP Stapling in PostgreSQL - Mailing list pgsql-hackers

From David Zhang
Subject Re: Proposal for implementing OCSP Stapling in PostgreSQL
Date
Msg-id f44d520e-76ce-4046-afc1-6af052a2ec93@highgo.ca
In response to Re: Proposal for implementing OCSP Stapling in PostgreSQL  (David Zhang <david.zhang@highgo.ca>)
Responses Re: Proposal for implementing OCSP Stapling in PostgreSQL
Re: Proposal for implementing OCSP Stapling in PostgreSQL
List pgsql-hackers
Hi Hackers,

This is the third version of the patch for "Certificate status check using OCSP 
Stapling" with ssl regression test cases added.

Here is how I run the ssl regression test:
     ./configure --enable-tap-tests --with-openssl
     make -j
     cd src/test/ssl
     make sslfiles
     make check PG_TEST_EXTRA=ssl

Expected results:
     # +++ tap check in src/test/ssl +++
     t/001_ssltests.pl .. ok
     t/002_scram.pl ..... ok
     t/003_sslinfo.pl ... ok
     All tests successful.
     Files=3, Tests=279, 17 wallclock secs ( 0.05 usr  0.01 sys + 2.32 cusr  2.16 csys =  4.54 CPU)

     Result: PASS

Note: before executing the SSL regression tests with the command `make 
check PG_TEST_EXTRA=ssl`, it is necessary to wait for 1 minute after 
running `make sslfiles`. This delay is required because the newly 
generated OCSP responses for the 'expired' test cases need 1 minute to 
pass the nextUpdate period. Once the stapled OCSP response files for the 
tests are committed as test input, there is no need to wait, similar to 
certificate files.

Any comments or feedback would be greatly appreciated!

Thank you,

David
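
The one-minute wait described in the message comes from the thisUpdate/nextUpdate window carried in each OCSP response. The following is an added example, not code from the patch or from PostgreSQL: it parses the text layout printed by `openssl ocsp -respin FILE -resp_text -noverify` and reports whether a response is already past nextUpdate and how long is left until it is. The sample text is constructed, and the function names and the `skew` parameter are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of `openssl ocsp -respin FILE -resp_text -noverify`.
SAMPLE_RESP_TEXT = """\
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: Mar  5 10:00:00 2024 GMT
    Responses:
    Cert Status: good
    This Update: Mar  5 10:00:00 2024 GMT
    Next Update: Mar  5 10:01:00 2024 GMT
"""

_FIELD = re.compile(r"^\s*(This Update|Next Update):\s*(.+?)\s*$", re.M)

def parse_window(resp_text):
    """Return (this_update, next_update) as UTC datetimes; next_update may be None."""
    found = {}
    for name, value in _FIELD.findall(resp_text):
        # Collapse the space padding OpenSSL uses for single-digit days.
        ts = datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y GMT")
        found.setdefault(name, ts.replace(tzinfo=timezone.utc))
    if "This Update" not in found:
        raise ValueError("no thisUpdate field in response text")
    return found["This Update"], found.get("Next Update")

def freshness(resp_text, now, skew=timedelta(0)):
    """Classify a response as 'not_yet_valid', 'fresh' or 'expired' at time `now`."""
    this_update, next_update = parse_window(resp_text)
    if this_update > now + skew:
        return "not_yet_valid"
    if next_update is not None and next_update <= now - skew:
        return "expired"
    return "fresh"

def wait_until_expired(resp_text, now, skew=timedelta(0)):
    """Seconds left before an 'expired' test case would see an expired response."""
    _, next_update = parse_window(resp_text)
    if next_update is None:
        raise ValueError("response has no nextUpdate, so it never expires")
    return max(0.0, (next_update + skew - now).total_seconds())
```

Allowing clock skew in the freshness check lengthens the wait by the same amount, which matters if the check under test tolerates skew.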