You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Disable unstable test cases in src/test/ssl/t/001_ssltests.pl.
Some of the test cases added by commit 3a0e385 are failing
intermittently in CI testing. It looks like, when a connection
attempt fails, it's possible for psql to exit and the test script
to slurp up the postmaster's log file before the connected backend
has managed to write the log entry we're expecting to see.
It's not clear whether that's fixable in any robust way. Pending
more thought, just comment out the log_like checks. The ones in
connect_ok tests should be fine, since surely the log entry should
be emitted before we complete the client auth sequence. I took
out all the ones in connect_fails tests though.
Discussion: https://postgr.es/m/E1oCNLk-000LCH-Af@gemulon.postgresql.org
qr{Client certificate verification failed at depth 0: certificate revoked},
688
-
qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
689
-
],
688
+
# temporarily(?) skip this check due to timing issue
689
+
# log_like => [
690
+
# qr{Client certificate verification failed at depth 0: certificate revoked},
691
+
# qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
692
+
# ],
690
693
# revoked certificates should not authenticate the user
qr{Client certificate verification failed at depth 0: unable to get local issuer certificate},
749
-
qr{Failed certificate data \(unverified\): subject "\.\.\./CN=ssl-123456789012345678901234567890123456789012345678901234567890", serial number 2315418733629425152, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
750
-
]);
750
+
# temporarily(?) skip this check due to timing issue
751
+
# log_like => [
752
+
# qr{Client certificate verification failed at depth 0: unable to get local issuer certificate},
753
+
# qr{Failed certificate data \(unverified\): subject "\.\.\./CN=ssl-123456789012345678901234567890123456789012345678901234567890", serial number 2315418733629425152, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
754
+
# ]
755
+
);
751
756
752
757
# Use an invalid cafile here so that the next test won't be able to verify the
qr{Client certificate verification failed at depth 1: unable to get local issuer certificate},
764
-
qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number 2315134995201656577, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"},
765
-
]);
767
+
# temporarily(?) skip this check due to timing issue
768
+
# log_like => [
769
+
# qr{Client certificate verification failed at depth 1: unable to get local issuer certificate},
770
+
# qr{Failed certificate data \(unverified\): subject "/CN=Test CA for PostgreSQL SSL regression test client certs", serial number 2315134995201656577, issuer "/CN=Test root CA for PostgreSQL SSL regression test suite"},
771
+
# ]
772
+
);
766
773
767
774
# test server-side CRL directory
768
775
switch_server_cert(
@@ -776,9 +783,11 @@ sub switch_server_cert
776
783
. sslkey('client-revoked.key'),
777
784
"certificate authorization fails with revoked client cert with server-side CRL directory",
qr{Client certificate verification failed at depth 0: certificate revoked},
781
-
qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
782
-
]);
786
+
# temporarily(?) skip this check due to timing issue
787
+
# log_like => [
788
+
# qr{Client certificate verification failed at depth 0: certificate revoked},
789
+
# qr{Failed certificate data \(unverified\): subject "/CN=ssltestuser", serial number 2315134995201656577, issuer "/CN=Test CA for PostgreSQL SSL regression test client certs"},
0 commit comments