Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
| От | Tom Lane |
|---|---|
| Тема | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Дата | |
| Msg-id | 1176935.1681330985@sss.pgh.pa.us обсуждение |
| Ответ на | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Daniel Gustafsson <daniel@yesql.se>) |
| Ответы |
Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
|
| Список | pgsql-hackers |
Daniel Gustafsson <daniel@yesql.se> writes:
> We don't have great coverage of macOS in the buildfarm sadly, I wonder if can
> get sifaka to run the SSL tests if we ask nicely?
I was just looking into that, but it seems like it'd be a mess.
I have a modern openssl installation from MacPorts, but if
I try to select that I am going to end up compiling with
-I/opt/local/include -L/opt/local/lib, which exposes all of the
metric buttload of stuff that MacPorts tends to pull in. sifaka
is intended to test in a reasonably-default macOS environment,
and that would be far from it.
Plausible alternatives include:
1. Hand-built private copy of openssl. longfin is set up that way,
but I'm not really eager to duplicate that approach, especially if
we want to test cutting-edge openssl.
2. Run a second BF animal that's intentionally pointed at the MacPorts
environment, in hopes of testing what MacPorts users would see.
#2 feels like it might not be a waste of cycles, and certainly that
machine is underworked at the moment. Thoughts?
regards, tom lane
В списке pgsql-hackers по дате отправления: