On Wed, Feb 07, 2018 at 11:54:52AM -0500, Peter Eisentraut wrote:
> Here is a patch that gives the tests in the SSL test suite proper names
> instead of just writing out the connection strings. So instead of
>
> # running client tests
> # test that the server doesn't accept non-SSL connections
> ok 1 - sslmode=disable (should fail)
> # connect without server root cert
> ok 2 - sslrootcert=invalid sslmode=require
> ok 3 - sslrootcert=invalid sslmode=verify-ca (should fail)
> ok 4 - sslrootcert=invalid sslmode=verify-full (should fail)
>
> you get something like
>
> # running client tests
> ok 1 - server doesn't accept non-SSL connections
> ok 2 - connect without server root cert sslmode=require
> ok 3 - connect without server root cert sslmode=verify-ca
> ok 4 - connect without server root cert sslmode=verify-full
> ok 5 - connect with wrong server root cert sslmode=require
> ok 6 - connect with wrong server root cert sslmode=verify-ca
> ok 7 - connect with wrong server root cert sslmode=verify-full
>
> I have found the old way very confusing while working with several
> SSL-related patches recently.
No objections against that.
You need to update the comment on top of test_connect_ok in
ServerSetup.pm. Wouldn't it be better to use the expected result
as an argument and merge test_connect_ok and test_connect_fails?
--
Michael