Thread: SSL tests failing for channel_binding with OpenSSL <= 1.0.1

SSL tests failing for channel_binding with OpenSSL <= 1.0.1

From
Michael Paquier
Date:
Hi all,
(Jeff Davis in CC)

As $subject tells, any version of OpenSSL not including
X509_get_signature_nid() (version <= 1.0.1) causes the SSL tests to
fail.  This has been introduced by d6e612f.

We need to do something similar to c3d41cc for the test, as per the
attached.  I have tested that with OpenSSL 1.0.1 and 1.0.2 to stress
both scenarios.

Any objections to this fix?

Thanks,
--
Michael

Attachments

Re: SSL tests failing for channel_binding with OpenSSL <= 1.0.1

From
Michael Paquier
Date:
On Fri, Sep 27, 2019 at 11:44:57AM +0900, Michael Paquier wrote:
> We need to do something similar to c3d41cc for the test, as per the
> attached.  I have tested that with OpenSSL 1.0.1 and 1.0.2 to stress
> both scenarios.
>
> Any objections to this fix?

Committed as a12c75a1.
--
Michael

Attachments

Re: SSL tests failing for channel_binding with OpenSSL <= 1.0.1

From
Tom Lane
Date:
Michael Paquier <michael@paquier.xyz> writes:
> On Fri, Sep 27, 2019 at 11:44:57AM +0900, Michael Paquier wrote:
>> We need to do something similar to c3d41cc for the test, as per the
>> attached.  I have tested that with OpenSSL 1.0.1 and 1.0.2 to stress
>> both scenarios.
>> Any objections to this fix?

> Committed as a12c75a1.

The committed fix looks odd: isn't the number of executed tests the
same in both code paths?  (I didn't try it yet.)

            regards, tom lane



Re: SSL tests failing for channel_binding with OpenSSL <= 1.0.1

From
Jeff Davis
Date:
On Mon, 2019-09-30 at 09:37 -0400, Tom Lane wrote:
> Michael Paquier <michael@paquier.xyz> writes:
> > On Fri, Sep 27, 2019 at 11:44:57AM +0900, Michael Paquier wrote:
> > > We need to do something similar to c3d41cc for the test, as per
> > > the
> > > attached.  I have tested that with OpenSSL 1.0.1 and 1.0.2 to
> > > stress
> > > both scenarios.
> > > Any objections to this fix?
> > Committed as a12c75a1.
> 
> The committed fix looks odd: isn't the number of executed tests the
> same in both code paths?  (I didn't try it yet.)

test_connect_fails actually runs two tests, one for the failing exit
code and one for the error message.

Regards,
    Jeff Davis





Re: SSL tests failing for channel_binding with OpenSSL <= 1.0.1

From
Michael Paquier
Date:
On Mon, Sep 30, 2019 at 11:08:20AM -0700, Jeff Davis wrote:
> On Mon, 2019-09-30 at 09:37 -0400, Tom Lane wrote:
>> The committed fix looks odd: isn't the number of executed tests the
>> same in both code paths?  (I didn't try it yet.)
>
> test_connect_fails actually runs two tests, one for the failing exit
> code and one for the error message.

Yes.  The committed code still works as I would expect.  With OpenSSL
<= 1.0.1, I get 10 tests, and 9 with OpenSSL >= 1.0.2.  You can check
the difference from test 5 "SCRAM with SSL and channel_binding=require".
--
Michael

Attachments