On 2/22/18 23:58, Michael Paquier wrote:
> One of the tests is failing:
> t/001_ssltests.pl .. 1/62
> # Failed test 'certificate authorization fails with revoked client cert: matches'
> # at /home/XXXX/git/postgres/src/test/ssl/../../../src/test/perl/TestLib.pm line 354.
> # 'psql: private key file "ssl/client-revoked.key" has
> group or world access; permissions should be u=rw (0600) or less
> # '
> # doesn't match '(?^:SSL error)'
> # Looks like you failed 1 test of 62.
> t/001_ssltests.pl .. Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/62 subtests
>
> This comes from libpq itself, and the tree uses 0644 on this file. You
> just need to update this test so as ssl/client-revoked_tmp.key is used
> instead of ssl/client-revoked.key, and then the tests pass.
Oh. I actually had that file as 0600 in my checked-out tree, probably
from earlier experiments. Fixed that. And I also changed it to make
another temp file that is explicitly 0644, because we can't rely on that
being the default either.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services