Re: Moving to HTTPS

On 01/15/2017 03:39 AM, Tom Lane wrote:
> Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> writes:
>> On 01/07/2017 07:12 PM, Tom Lane wrote:
>>> Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> writes:
>>>> Yeah, you're right. Or perhaps even more simply we could do:
>>>> perl -MLWP::Simple -e 'print qq{BAD\n} unless head(q{https://www.postgresql.org});'
>>> Hmm, so that reports BAD on all four of my buildfarm critters :-(.
>> Ugh. I was afraid of something like that. We might need to look at
>> providing a proxy or something.
> After further fooling with this, it seems the root cause is that you
> need Perl (specifically Net::SSLeay) to be linked to OpenSSL 0.9.8
> or later. Since we require at least 0.9.8 for PG itself, this does
> not seem like an unreasonably heavy lift.
>
> I found that some of the involved modules, particularly IO::Socket::SSL
> and LWP::Protocol::https, fail a few of their regression tests even
> with 0.9.8. But if you tell cpan to ignore that and install them
> anyway, it seems like things work; at least, the simple test proposed
> above now works on all four of my buildfarm critters. It will be
> interesting to see whether that equates to "buildfarm script can talk
> to https server". Do we have any more-thorough test case available?

The test should be thorough enough. If you want to try it for real and
you're using the same that you built against, just change the URLs in
your config file, i.e.:

sed -i -e
s,http://www.pgbuildfarm.org/,https://buildfarm.postgresql.org/,
your-config-file

cheers

andrew

--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services