SSL test names
Here is a patch that gives the tests in the SSL test suite proper names
instead of just writing out the connection strings. So instead of
# running client tests
# test that the server doesn't accept non-SSL connections
ok 1 - sslmode=disable (should fail)
# connect without server root cert
ok 2 - sslrootcert=invalid sslmode=require
ok 3 - sslrootcert=invalid sslmode=verify-ca (should fail)
ok 4 - sslrootcert=invalid sslmode=verify-full (should fail)
you get something like
# running client tests
ok 1 - server doesn't accept non-SSL connections
ok 2 - connect without server root cert sslmode=require
ok 3 - connect without server root cert sslmode=verify-ca
ok 4 - connect without server root cert sslmode=verify-full
ok 5 - connect with wrong server root cert sslmode=require
ok 6 - connect with wrong server root cert sslmode=verify-ca
ok 7 - connect with wrong server root cert sslmode=verify-full
I have found the old way very confusing while working with several
SSL-related patches recently.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Attachments:
0001-Refine-SSL-tests-test-name-reporting.patchtext/plain; charset=UTF-8; name=0001-Refine-SSL-tests-test-name-reporting.patch; x-mac-creator=0; x-mac-type=0Download+88-66
On Wed, Feb 07, 2018 at 11:54:52AM -0500, Peter Eisentraut wrote:
Here is a patch that gives the tests in the SSL test suite proper names
instead of just writing out the connection strings. So instead of# running client tests
# test that the server doesn't accept non-SSL connections
ok 1 - sslmode=disable (should fail)
# connect without server root cert
ok 2 - sslrootcert=invalid sslmode=require
ok 3 - sslrootcert=invalid sslmode=verify-ca (should fail)
ok 4 - sslrootcert=invalid sslmode=verify-full (should fail)you get something like
# running client tests
ok 1 - server doesn't accept non-SSL connections
ok 2 - connect without server root cert sslmode=require
ok 3 - connect without server root cert sslmode=verify-ca
ok 4 - connect without server root cert sslmode=verify-full
ok 5 - connect with wrong server root cert sslmode=require
ok 6 - connect with wrong server root cert sslmode=verify-ca
ok 7 - connect with wrong server root cert sslmode=verify-fullI have found the old way very confusing while working with several
SSL-related patches recently.
No objections against that.
You need to update the comment on top of test_connect_ok in
ServerSetup.pm. Wouldn't it be better to use the expected result
as an argument and merge test_connect_ok and test_connect_fails?
--
Michael
On 07 Feb 2018, at 17:54, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
I have found the old way very confusing while working with several
SSL-related patches recently.
Agreed. I had similar, but way uglier, hacks in my Secure Transport branch.
+1 on something like this.
cheers ./daniel
On 2/7/18 23:18, Michael Paquier wrote:
You need to update the comment on top of test_connect_ok in
ServerSetup.pm.
done and committed
Wouldn't it be better to use the expected result
as an argument and merge test_connect_ok and test_connect_fails?
That doesn't seem to be the general style, and I think it's more
readable the way it is now.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services