0b5d1fb36a
The error message for a missing or invalid system CA when using sslrootcert=system differs based on the OpenSSL version used. In OpenSSL 1.0.1-3.0 it is reported as SSL Error, with varying degrees of helpfulness in the error message. With OpenSSL 3.1 it is reported as an SSL SYSCALL error with "Undefined error" as the error message. This fix pulls out the particular error in OpenSSL 3.1 as a certificate verify error in order to help the user better figure out what happened, and to keep the ssl test working. While there is no evidence that extracing the errors will clobber errno, this adds a guard against that regardless to also make the consistent with how we handle OpenSSL errors elsewhere. It also memorizes the output from OpenSSL 3.0 in the test in cases where the system CA isn't responding. Reported-by: Peter Eisentraut <peter.eisentraut@enterprisedb.com> Discussion: https://postgr.es/m/c39be3c5-c1a5-1e33-1024-16f527e251a4@enterprisedb.com |
||
---|---|---|
.. | ||
authentication | ||
examples | ||
icu | ||
isolation | ||
kerberos | ||
ldap | ||
locale | ||
mb | ||
modules | ||
perl | ||
recovery | ||
regress | ||
ssl | ||
subscription | ||
Makefile | ||
README | ||
meson.build |
README
PostgreSQL tests ================ This directory contains a variety of test infrastructure as well as some of the tests in PostgreSQL. Not all tests are here -- in particular, there are more in individual contrib/ modules and in src/bin. Not all these tests get run by "make check". Check src/test/Makefile to see which tests get run automatically. authentication/ Tests for authentication (but see also below) examples/ Demonstration programs for libpq that double as regression tests via "make check" isolation/ Tests for concurrent behavior at the SQL level kerberos/ Tests for Kerberos/GSSAPI authentication and encryption ldap/ Tests for LDAP-based authentication locale/ Sanity checks for locale data, encodings, etc mb/ Tests for multibyte encoding (UTF-8) support modules/ Extensions used only or mainly for test purposes, generally not suitable for installing in production databases perl/ Infrastructure for Perl-based TAP tests recovery/ Test suite for recovery and replication regress/ PostgreSQL's main regression test suite, pg_regress ssl/ Tests to exercise and verify SSL certificate handling subscription/ Tests for logical replication