From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
Cc: | Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
Subject: | Re: SSL tests failing with "ee key too small" error on Debian SID |
Date: | 2018-11-26 00:35:56 |
Message-ID: | 20181126003556.GF1776@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Nov 26, 2018 at 01:17:24PM +1300, Thomas Munro wrote:
> On Wed, Oct 3, 2018 at 1:32 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>> I find your suggestion quite tempting at the end instead of having to
>> tweak the global system's configuration. That should normally work with
>> any configuration. This would require regenerating the certs in the
>> tree. Any thoughts from others?
>
> I don't really have opinion here, but I wanted to point out that
> src/test/ldap/t/001_auth.pl creates new certs on the fly, which is a
> bit inconsistent with the SSL test's approach of certs-in-the-tree.
> Which is better?
When going up to 2k, it takes longer to generate the keys than to run
the tests, so keeping them in the tree looks like a pretty good gain to
me.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-11-26 01:26:47 | Re: csv format for psql |
Previous Message | Michael Paquier | 2018-11-26 00:33:51 | Re: pgsql: Add PGXS options to control TAP and isolation tests |