From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
---|---|
To: | peter(dot)eisentraut(at)enterprisedb(dot)com |
Cc: | michael(at)paquier(dot)xyz, byavuz81(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 |
Date: | 2022-06-21 00:27:53 |
Message-ID: | 20220621.092753.452165241922345774.horikyota.ntt@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
At Mon, 20 Jun 2022 14:22:09 +0200, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote in
> On 20.06.22 05:05, Michael Paquier wrote:
> > On Fri, Jun 17, 2022 at 12:03:16PM +0000, PG Bug reporting form wrote:
> > Thanks for the report.
> >
> >> [11:41:29.100](0.001s) not ok 77 - IPv4 host with CIDR mask does not
> >> match:
> >> matches
> >> [11:41:29.100](0.000s)
> >> [11:41:29.100](0.000s) # Failed test 'IPv4 host with CIDR mask does
> >> not
> >> match: matches'
> >> # at t/001_ssltests.pl line 336.
> >> [11:41:29.100](0.000s) # 'psql: error: connection to
> >> server at "127.0.0.1", port 60779 failed: could not set SSL Server
> >> Name
> >> Indication (SNI): ssl3 ext invalid servername'
> >> # doesn't match '(?^:server\ certificate\ for\ \"192\.0\.2\.1\"\ \(and\
> >> 1\ other\ name\)\ does\ not\ match\ host\ name\ \"192\.0\.2\.1\/32\")'
> > There is only one failure. None of the buildfarm members running
> > OpneBSD check the SSL tests, but this specific test has been
> > introduced by c1932e5.
> > I am adding Peter and Jacob in CC. This is a new open item for v15.
>
> The test is
>
> $node->connect_fails(
> "$common_connstr host=192.0.2.1/32",
> "IPv4 host with CIDR mask does not match",
> expected_stderr =>
> qr/\Qserver certificate for "192.0.2.1" (and 1 other name) does not
> match host name "192.0.2.1\/32"\E/
> );
>
> which is not using a valid host name to begin with. What is the
> purpose of this test?
It checks if that such invalid name is properly rejected. The
certificate to match with is a IPv4 GEN_IPADD so the name
"192.0.2.1/32" is fed to inet_pton() and the function is supposed to
reject the invalid address.
OpenBSD 7.1's inet_aton() seems like accepting the address as valid.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
From | Date | Subject | |
---|---|---|---|
Next Message | Kyotaro Horiguchi | 2022-06-21 02:42:59 | Re: Using PQexecQuery in pipeline mode produces unexpected Close messages |
Previous Message | Magnus Hagander | 2022-06-20 21:21:34 | Re: Issue with SSL and password protected keys in DER/PK8 format |