Re: [PATCH] Reload SSL certificates on SIGHUP

From: Andreas Karlsson
Subject: Re: [PATCH] Reload SSL certificates on SIGHUP
Msg-id: 37ee9545-07e4-9aa1-d804-ad2179972b6d@proxel.se
In reply to: Re: [PATCH] Reload SSL certificates on SIGHUP  (Michael Paquier <michael.paquier@gmail.com>)
List: pgsql-hackers

On 11/10/2016 07:16 AM, Michael Paquier wrote:
> On Wed, Nov 9, 2016 at 7:46 PM, Andreas Karlsson <andreas@proxel.se> wrote:
>> Those tests fail because listen_addresses cannot be changed on reload, so
>> none of the test cases can even connect to the database. When I hacked
>> ServerSetup.pm to set the correct listen_address before starting, all tests
>> pass.
>
> Hm... listen_addresses remains constant at 127.0.0.1 and setting up
> listen_addresses = '*' does not work either. Perhaps I am missing
> something?

When PostgreSQL is started in the tests, by default it only listens on a
Unix socket (except on Windows). It is the call to the restart function
in the SSL tests which allows PostgreSQL to receive TCP connections.

Fixing this in the SSL tests will require some refactoring.

>> It is a bit annoying that if pg_hba.conf contains hostssl then postgres will
>> refuse to start. Maybe this is something we should also fix in this patch
>> since now when we can enable SSL after starting it becomes more useful to
>> not bail on hostssl. What do you think?
>
> I forgot that... There is the same problem today when updating
> postgresql.conf and restarting the server if there is a hostssl
> entry. Do you have in mind to relax things? It seems to me that the
> safest bet is to not reload parameters if ssl is switched from on to
> off and if pg_hba.conf has a hostssl entry, right? That complicates
> the code though.

I personally think that it would be cleaner and easier to understand if 
we just do not fail on hostssl lines just because SSL is disabled. A 
warning should be enough. But I do not have any strong opinions here, 
and would be fine with leaving the code as-is.

>> I will look into writing a cleaner patch for ServerSetup.pm some time later
>> this week.
>
> Thanks. Making the restart/reload OS-dependent will be necessary.
> src/test/ssl can run on Windows.

I do not think that this will be an issue with the current design, but I 
do not have access to a Windows machine for testing.

Andreas


