Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit55828a6

Browse files
committed
Disable unstable test cases in src/test/ssl/t/001_ssltests.pl.
Some of the test cases added by commit3a0e385 are failingintermittently in CI testing. It looks like, when a connectionattempt fails, it's possible for psql to exit and the test scriptto slurp up the postmaster's log file before the connected backendhas managed to write the log entry we're expecting to see.It's not clear whether that's fixable in any robust way. Pendingmore thought, just comment out the log_like checks. The ones inconnect_ok tests should be fine, since surely the log entry shouldbe emitted before we complete the client auth sequence. I tookout all the ones in connect_fails tests though.Discussion:https://postgr.es/m/E1oCNLk-000LCH-Af@gemulon.postgresql.org
1 parent5e692dc commit55828a6

File tree

1 file changed

+27
-18
lines changed

1 file changed

+27
-18
lines changed

‎src/test/ssl/t/001_ssltests.pl

Lines changed: 27 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -674,19 +674,22 @@ sub switch_server_cert
674674
expected_stderr=>
675675
qr/certificate authentication failed for user "anotheruser"/,
676676
# certificate authentication should be logged even on failure
677-
log_like=>
678-
[qr/connection authenticated: identity="CN=ssltestuser" method=cert/],);
677+
# temporarily(?) skip this check due to timing issue
678+
#log_like =>
679+
# [qr/connection authenticated: identity="CN=ssltestuser" method=cert/],
680+
);
679681

680682
# revoked client cert
681683
$node->connect_fails(
682684
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt"
683685
. sslkey('client-revoked.key'),
684686
"certificate authorization fails with revoked client cert",
685687
expected_stderr=>qr/SSL error: sslv3 alert certificate revoked/,
686-
log_like=> [
687-
qr{Client certificate verification failed at depth 0: certificate revoked},
688-
qr{Failed certificate data\(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
689-
],
688+
# temporarily(?) skip this check due to timing issue
689+
#log_like => [
690+
#qr{Client certificate verification failed at depth 0: certificate revoked},
691+
#qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
692+
#],
690693
# revoked certificates should not authenticate the user
691694
log_unlike=> [qr/connection authenticated:/],);
692695

@@ -744,10 +747,12 @@ sub switch_server_cert
744747
"$common_connstr sslmode=require sslcert=ssl/client-long.crt" . sslkey('client-long.key'),
745748
"logged client certificate Subjects are truncated if they're too long",
746749
expected_stderr=>qr/SSL error: tlsv1 alert unknown ca/,
747-
log_like=> [
748-
qr{Client certificate verification failed at depth 0: unable to get local issuer certificate},
749-
qr{Failed certificate data\(unverified\): subject "\.\.\./CN=ssl-123456789012345678901234567890123456789012345678901234567890", serial number 2315418733629425152, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
750-
]);
750+
# temporarily(?) skip this check due to timing issue
751+
#log_like => [
752+
#qr{Client certificate verification failed at depth 0: unable to get local issuer certificate},
753+
#qr{Failed certificate data \(unverified\): subject "\.\.\./CN=ssl-123456789012345678901234567890123456789012345678901234567890", serial number 2315418733629425152, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
754+
#]
755+
);
751756

752757
# Use an invalid cafile here so that the next test won't be able to verify the
753758
# client CA.
@@ -759,10 +764,12 @@ sub switch_server_cert
759764
"$common_connstr sslmode=require sslcert=ssl/client+client_ca.crt",
760765
"intermediate client certificate is untrusted",
761766
expected_stderr=>qr/SSL error: tlsv1 alert unknown ca/,
762-
log_like=> [
763-
qr{Client certificate verification failed at depth 1: unable to get local issuer certificate},
764-
qr{Failed certificate data\(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number 2315134995201656577, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"},
765-
]);
767+
# temporarily(?) skip this check due to timing issue
768+
#log_like => [
769+
#qr{Client certificate verification failed at depth 1: unable to get local issuer certificate},
770+
#qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number 2315134995201656577, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"},
771+
#]
772+
);
766773

767774
# test server-side CRL directory
768775
switch_server_cert(
@@ -776,9 +783,11 @@ sub switch_server_cert
776783
. sslkey('client-revoked.key'),
777784
"certificate authorization fails with revoked client cert with server-side CRL directory",
778785
expected_stderr=>qr/SSL error: sslv3 alert certificate revoked/,
779-
log_like=> [
780-
qr{Client certificate verification failed at depth 0: certificate revoked},
781-
qr{Failed certificate data\(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
782-
]);
786+
# temporarily(?) skip this check due to timing issue
787+
#log_like => [
788+
#qr{Client certificate verification failed at depth 0: certificate revoked},
789+
#qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
790+
#]
791+
);
783792

784793
done_testing();

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp