8000 Hack one ssl test case to pass with current LibreSSL. · postgres/postgres@75d7333 · GitHub
[go: up one dir, main page]

Skip to content

Commit 75d7333

Browse files
committed
Hack one ssl test case to pass with current LibreSSL.
With LibreSSL, our test of error logging for cert chain depths > 0 reports the wrong certificate. This is almost certainly their bug not ours, so just tweak the test to accept their answer. No back-patch needed, since this test case wasn't enabled before e0f373e. Reported-by: Thomas Munro <thomas.munro@gmail.com> Author: Tom Lane <tgl@sss.pgh.pa.us> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/CA+hUKG+fLqyweHqFSBcErueUVT0vDuSNWui-ySz3+d_APmq7dw@mail.gmail.com
1 parent 0aaf699 commit 75d7333

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

src/test/ssl/t/001_ssltests.pl

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -900,7 +900,11 @@ sub switch_server_cert
900900
expected_stderr => qr/SSL error: tlsv1 alert unknown ca/,
901901
log_like => [
902902
qr{Client certificate verification failed at depth 1: unable to get local issuer certificate},
903-
qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number \d+, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"},
903+
# As of 5/2025, LibreSSL reports a different cert as being at fault;
904+
# it's wrong, but seems to be their bug not ours
905+
!$libressl
906+
? qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number \d+, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"}
907+
: qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number \d+, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
904908
]);
905909

906910
# test server-side CRL directory

0 commit comments

Comments
 (0)
0