| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: src/test/ssl broken on HEAD |
| Date: | 2015-09-02 23:15:47 |
| Message-ID: | 20150902231547.GG8555@awork2.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2015-09-02 17:03:46 -0400, Robert Haas wrote:
> On Wed, Sep 2, 2015 at 4:50 PM, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
> > Tell me what's needed and I'll look at creating a buildfarm test module for
> > it.
>
> You run the tests via: make -C src/test/ssl check
>
> But nota bene security caveats:
>
> commit e39250c644ea7cd3904e4e24570db21a209cf97f
> Author: Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>
> Date: Tue Dec 9 17:21:18 2014 +0200
>
> Add a regression test suite for SSL support.
>
> It's not run by the global "check" or "installcheck" targets, because the
> temporary installation it creates accepts TCP connections from any user
> the same host, which is insecure.
We could just implement SSL over unix sockets. Obviously the
connection-encryption aspect isn't actually useful, but e.g. client
certs still make sense. Besides, it allows to avoid concerns like the
above...
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2015-09-02 23:23:13 | Re: Memory prefetching while sequentially fetching from SortTuple array, tuplestore |
| Previous Message | Tomas Vondra | 2015-09-02 23:15:46 | Re: DBT-3 with SF=20 got failed |