On 1/2/18 14:56, Thomas Munro wrote:
>> A small point on the test changes. You change the test under
>> "diagnostic message", but I'm not sure why. Do the changes invalidate
>> the existing test?
>
> Yeah. In master, I was relying on the server rejecting ldaptls=1
> requests due to lack of configured certificate in order to generate a
> diagnostic message. Now that there is a certificate, I needed to find
> another way to get requests rejected with a diagnostic message. I
> have added a brief note to the commit message about this.
>
>> We should probably also add another "note" call to introduce the LDAPS
>> tests section.
>
> I realised that I should probably also include a new test for
> ldaptls=1, so that we can see that both ways of doing TLS are working.
> I added that test, and added a "note" to label the whole section as
> "TLS". Please see attached.
Committed.
I added a test case for combining LDAPS with StartTLS. The OpenLDAP
library sensibly rejects that, so we don't need to do anything ourselves
to prevent that.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services