| From: | Daniel Gustafsson <dgustafsson(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Set SNI ClientHello extension to localhost in tests |
| Date: | 2022-02-10 13:29:05 |
| Message-ID: | E1nI9VR-0004sW-J9@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Set SNI ClientHello extension to localhost in tests
The connection strings in the SSL client tests were using the host
set up from Cluster.pm which is a temporary pathname. When SNI is
enabled we pass the host to OpenSSL in order to set the server name
indication ClientHello extension via SSL_set_tlsext_host_name.
OpenSSL doesn't validate the hostname apart from checking the max
length, but LibreSSL checks for RFC 5890 conformance which results
in errors during testing as the pathname from Cluster.pm is not a
valid hostname.
Fix by setting the host explicitly to localhost, as that's closer
to the intent of the test.
Backpatch through 14 where SNI support came in.
Reported-by: Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>
Reviewed-by: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Discussion: https://postgr.es/m/17391-304f81bcf724b58b@postgresql.org
Backpatch-through: 14
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/6d503d2a47324c15c5b4274bf4dd016064143754
Modified Files
--------------
src/test/ssl/t/001_ssltests.pl | 6 +++---
src/test/ssl/t/002_scram.pl | 6 +++---
src/test/ssl/t/003_sslinfo.pl | 6 +++---
3 files changed, 9 insertions(+), 9 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2022-02-10 13:29:49 | pgsql: Set SNI ClientHello extension to localhost in tests |
| Previous Message | Peter Eisentraut | 2022-02-10 11:26:05 | pgsql: Remove unnecessary resetPQExpBuffer call |