|
46 | 46 | $common_connstr = |
47 | 47 | "user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; |
48 | 48 |
|
49 | | -# The server should not accept non-SSL connections |
| 49 | +# The server should not accept non-SSL connections. |
50 | 50 | note"test that the server doesn't accept non-SSL connections"; |
51 | 51 | test_connect_fails($common_connstr,"sslmode=disable"); |
52 | 52 |
|
53 | 53 | # Try without a root cert. In sslmode=require, this should work. In verify-ca |
54 | | -# or verify-full mode it should fail |
| 54 | +# or verify-full mode it should fail. |
55 | 55 | note"connect without server root cert"; |
56 | 56 | test_connect_ok($common_connstr,"sslrootcert=invalid sslmode=require"); |
57 | 57 | test_connect_fails($common_connstr,"sslrootcert=invalid sslmode=verify-ca"); |
58 | 58 | test_connect_fails($common_connstr,"sslrootcert=invalid sslmode=verify-full"); |
59 | 59 |
|
60 | | -# Try with wrong root cert, should fail. (we're using the client CA as the |
61 | | -# root, but the server's key is signed by the server CA) |
62 | | -note"connectwithout wrong server root cert"; |
| 60 | +# Try with wrong root cert, should fail. (We're using the client CA as the |
| 61 | +# root, but the server's key is signed by the server CA.) |
| 62 | +note"connectwith wrong server root cert"; |
63 | 63 | test_connect_fails($common_connstr, |
64 | 64 | "sslrootcert=ssl/client_ca.crt sslmode=require"); |
65 | 65 | test_connect_fails($common_connstr, |
|