Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 75d7333

Browse files
tglsfdctglsfdc
committed
Hack one ssl test case to pass with current LibreSSL.
With LibreSSL, our test of error logging for cert chain depths > 0 reports the wrong certificate. This is almost certainly their bug not ours, so just tweak the test to accept their answer. No back-patch needed, since this test case wasn't enabled before e0f373e. Reported-by: Thomas Munro <[email protected]> Author: Tom Lane <[email protected]> Reviewed-by: Daniel Gustafsson <[email protected]> Discussion: https://postgr.es/m/CA+hUKG+fLqyweHqFSBcErueUVT0vDuSNWui-ySz3+d_APmq7dw@mail.gmail.com
1 parent 0aaf699 commit 75d7333

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

src/test/ssl/t/001_ssltests.pl

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -900,7 +900,11 @@ sub switch_server_cert
900900
expected_stderr => qr/SSL error: tlsv1 alert unknown ca/,
901901
log_like => [
902902
qr{Client certificate verification failed at depth 1: unable to get local issuer certificate},
903-
qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number \d+, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"},
903+
# As of 5/2025, LibreSSL reports a different cert as being at fault;
904+
# it's wrong, but seems to be their bug not ours
905+
!$libressl
906+
? qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number \d+, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"}
907+
: qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number \d+, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
904908
]);
905909

906910
# test server-side CRL directory

0 commit comments

Comments
 (0)