| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
| Cc: | peter(dot)eisentraut(at)enterprisedb(dot)com, Michael Paquier <michael(at)paquier(dot)xyz>, byavuz81(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 |
| Date: | 2022-06-21 20:07:42 |
| Message-ID: | CAAWbhmiTjZnFVLPrVprCmV7HQcG+r3cJqj2zP80sfLNkCsCROg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, Jun 21, 2022 at 1:34 PM Jacob Champion <jchampion(at)timescale(dot)com> wrote:
> Is LibreSSL just less liberal in what it'll send via SNI?
Looks like it; I can reproduce with a local build against LibreSSL. On
the one hand it seems like there might be a case for improving the
guards around our call to SSL_set_tlsext_host_name(), but that seems
like overkill for fixing this test -- we can just disable SNI.
Attached is a patch which does that.
There is also a question of why LibreSSL doesn't do the same for the
IPv6 CIDR test. Should we proactively disable SNI for both of them?
--Jacob
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-test-ssl-fix-invalid-hostname-test-for-LibreSSL.patch | text/x-patch | 1.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2022-06-21 20:15:05 | Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 |
| Previous Message | Jacob Champion | 2022-06-21 18:34:05 | Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1 |