Improve error matching patterns in the SSL tests

Started by Michael Paquier, about 5 years ago, 2 messages, hackers

#1 Michael Paquier
michael@paquier.xyz

Hi all,

It has been mentioned twice in the last couple of days that some of
the SSL tests are not really picky with what they check, which can be
annoying when it comes to the testing of other SSL implementations as
we cannot really be sure if an error tells more than "SSL error":
/messages/by-id/20210330151507.GA9536@alvherre.pgsql
/messages/by-id/e0f0484a1815b26bb99ef9ddc7a110dfd6425931.camel@vmware.com

Please find attached a patch to tighten a bit all that. The errors
produced by OpenSSL down to 1.0.1 are the same. I have noticed one
extra place where we just check for a FATAL, where the trust
authentication failed after a CN mismatch.

Thoughts?
--
Michael

Attachments:

ssl-test-tighten.patch (text/x-diff; charset=us-ascii), +12 -12

#2 Michael Paquier
michael@paquier.xyz
In reply to: Michael Paquier (#1)
Re: Improve error matching patterns in the SSL tests

On Thu, Apr 01, 2021 at 11:59:15AM +0900, Michael Paquier wrote:

> Please find attached a patch to tighten a bit all that. The errors
> produced by OpenSSL down to 1.0.1 are the same. I have noticed one
> extra place where we just check for a FATAL, where the trust
> authentication failed after a CN mismatch.

Sorry for the late reply here. This has been applied as of 8d3a4c3.
--
Michael
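
An added example, not part of the thread or of the attached patch: a small audit showing why a test that only matches "SSL error" or "FATAL" cannot tell which failure actually occurred, while a tighter pattern can. The error strings, cause names and patterns below are constructed for illustration and are assumptions, not the contents of ssl-test-tighten.patch.

```python
import re

# Constructed sample: failure cause -> client-visible error text.
# The wording imitates libpq/OpenSSL messages; it is not taken from the patch.
SAMPLE_ERRORS = {
    "untrusted_ca": "SSL error: certificate verify failed",
    "revoked_cert": "SSL error: sslv3 alert certificate revoked",
    "unknown_ca": "SSL error: tlsv1 alert unknown ca",
    "cn_mismatch": 'FATAL:  "trust" authentication failed for user "someuser"',
    "no_hba_entry": 'FATAL:  no pg_hba.conf entry for host "127.0.0.1"',
}


def causes_matched(pattern):
    """Return the sorted failure causes whose message the pattern accepts."""
    rx = re.compile(pattern)
    return sorted(c for c, msg in SAMPLE_ERRORS.items() if rx.search(msg))


def audit(expectations):
    """For each test, list the unintended causes that would also make it pass."""
    report = {}
    for name, (intended, pattern) in expectations.items():
        matched = causes_matched(pattern)
        if intended not in matched:
            raise ValueError(f"{name}: pattern does not match its intended cause")
        report[name] = [c for c in matched if c != intended]
    return report


# Hypothetical expectations: test name -> (intended cause, expected-error regex).
LOOSE = {
    "revoked client cert": ("revoked_cert", r"SSL error"),
    "CN mismatch": ("cn_mismatch", r"FATAL"),
}
TIGHT = {
    "revoked client cert": ("revoked_cert", r"SSL error: .*certificate revoked"),
    "CN mismatch": ("cn_mismatch", r'FATAL:\s+"trust" authentication failed'),
}

if __name__ == "__main__":
    for label, table in (("loose", LOOSE), ("tight", TIGHT)):
        for test, extra in audit(table).items():
            print(f"{label:5} {test:20} also passes on: {extra or 'nothing else'}")
```

An empty list for a test means its pattern accepts only the failure the test was written to provoke, which is the property needed when the same suite is run against another SSL implementation.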