Re: disabled SSL log_like tests

Mon, 05 May 2025 15:45:49 -0700 

Thomas Munro <thomas.mu...@gmail.com> writes:
> If you run the not-yet-enabled-by-default OpenBSD CI task on master,
> ssl/001_ssltests fails in "intermediate client certificate is
> untrusted", recently uncommented by commit e0f373ee.

Yeah, I see that too.  But I also see three failures in 002_scram.pl,
which presumably were there before e0f373ee.  (Tested on OpenBSD 7.6
and 7.7.)  The buildfarm's OpenBSD animals haven't caught this
because they don't run this test suite :-(.  Yes they build with
--with-openssl, but one of them lacks --enable-tap-tests and the
other two aren't filling PG_TEST_EXTRA.

The SCRAM failures are a bit discouraging ...

[18:16:33.259](0.565s) not ok 26 - SCRAM with SSL and channel_binding=require, 
server certificate uses 'rsassaPss'
[18:16:33.261](0.002s) 
[18:16:33.261](0.000s) #   Failed test 'SCRAM with SSL and 
channel_binding=require, server certificate uses 'rsassaPss''
#   at t/002_scram.pl line 161.
[18:16:33.262](0.001s) #          got: '2'
#     expected: '0'
[18:16:33.264](0.002s) not ok 27 - SCRAM with SSL and channel_binding=require, 
server certificate uses 'rsassaPss': no stderr
[18:16:33.265](0.001s) 
[18:16:33.265](0.000s) #   Failed test 'SCRAM with SSL and 
channel_binding=require, server certificate uses 'rsassaPss': no stderr'
#   at t/002_scram.pl line 161.
[18:16:33.266](0.001s) #          got: 'psql: error: connection to server at 
"127.0.0.1", port 10442 failed: SSL error: sslv3 alert handshake failure'
#     expected: ''
[18:16:33.268](0.002s) not ok 28 - SCRAM with SSL and channel_binding=require, 
server certificate uses 'rsassaPss': log matches
[18:16:33.269](0.001s) 
[18:16:33.269](0.000s) #   Failed test 'SCRAM with SSL and 
channel_binding=require, server certificate uses 'rsassaPss': log matches'
#   at 
/home/tgl/pgsql/src/test/ssl/../../../src/test/perl/PostgreSQL/Test/Cluster.pm 
line 2607.
[18:16:33.270](0.001s) #                   '2025-05-05 18:16:33.222 EDT [71478] 
[unknown] LOG:  connection received: host=localhost port=42632
# 2025-05-05 18:16:33.244 EDT [71478] [unknown] LOG:  could not accept SSL 
connection: missing rsa certificate
# '
#     doesn't match '(?^:connection authenticated: identity="ssltestuser" 
method=scram-sha-256)'

                        regards, tom lane

Reply via email to