diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2025-05-09 11:53:51 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2025-05-09 11:53:51 -0400 |
| commit | 75d73331d0146871c846e849be626cb220e7e013 (patch) | |
| tree | d44f501b3a7160cc3e41599deee85c84645fb96f | |
| parent | 0aaf69965dbd92072911cc46e4b28b9a37c38fad (diff) | |
| download | postgresql-75d73331d0146871c846e849be626cb220e7e013.tar.gz postgresql-75d73331d0146871c846e849be626cb220e7e013.zip | |
Hack one ssl test case to pass with current LibreSSL.
With LibreSSL, our test of error logging for cert chain depths > 0
reports the wrong certificate. This is almost certainly their bug
not ours, so just tweak the test to accept their answer.
No back-patch needed, since this test case wasn't enabled before
e0f373ee4.
Reported-by: Thomas Munro <thomas.munro@gmail.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CA+hUKG+fLqyweHqFSBcErueUVT0vDuSNWui-ySz3+d_APmq7dw@mail.gmail.com
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 60b5c3630b0..2cb4d0ffd41 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -900,7 +900,11 @@ $node->connect_fails( expected_stderr => qr/SSL error: tlsv1 alert unknown ca/, log_like => [ qr{Client certificate verification failed at depth 1: unable to get local issuer certificate}, - qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number \d+, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"}, + # As of 5/2025, LibreSSL reports a different cert as being at fault; + # it's wrong, but seems to be their bug not ours + !$libressl + ? qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number \d+, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"} + : qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number \d+, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"}, ]); # test server-side CRL directory |