From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
Cc: | buildfarm-members(at)postgresql(dot)org, buildfarm-admins(at)postgresql(dot)org |
Subject: | Re: Moving to HTTPS |
Date: | 2017-01-15 08:39:42 |
Message-ID: | 7217.1484469582@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | buildfarm-members |
Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> writes:
> On 01/07/2017 07:12 PM, Tom Lane wrote:
>> Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> writes:
>>> Yeah, you're right. Or perhaps even more simply we could do:
>>> perl -MLWP::Simple -e 'print qq{BAD\n} unless head(q{https://www.postgresql.org});'
>> Hmm, so that reports BAD on all four of my buildfarm critters :-(.
> Ugh. I was afraid of something like that. We might need to look at
> providing a proxy or something.
After further fooling with this, it seems the root cause is that you
need Perl (specifically Net::SSLeay) to be linked to OpenSSL 0.9.8
or later. Since we require at least 0.9.8 for PG itself, this does
not seem like an unreasonably heavy lift.
I found that some of the involved modules, particularly IO::Socket::SSL
and LWP::Protocol::https, fail a few of their regression tests even
with 0.9.8. But if you tell cpan to ignore that and install them
anyway, it seems like things work; at least, the simple test proposed
above now works on all four of my buildfarm critters. It will be
interesting to see whether that equates to "buildfarm script can talk
to https server". Do we have any more-thorough test case available?
BTW, if anyone else is like me and has a more modern openssl installed
in a non-default location on an old machine, the secret sauce for getting
Net::SSLeay to use that is to set environment variable OPENSSL_PREFIX
to the openssl install prefix path before building Net::SSLeay.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2017-01-15 13:59:28 | Re: Moving to HTTPS |
Previous Message | Andrew Dunstan | 2017-01-08 16:16:34 | Re: Moving to HTTPS |