On 12.04.23 22:52, Jacob Champion wrote:
> It surprises me that you can get a successful test with a missing
> certs directory. If I remove the workaround in Cirrus, I get the
> following error, which looks the same to me:
>
> [20:40:00.253](0.000s) not ok 121 - sslrootcert=system does not
> connect with private CA: matches
> [20:40:00.253](0.000s) # Failed test 'sslrootcert=system does
> not connect with private CA: matches'
> # at /Users/admin/pgsql/src/test/ssl/t/001_ssltests.pl line 479.
> [20:40:00.253](0.000s) # 'psql: error:
> connection to server at "127.0.0.1", port 57681 failed: SSL SYSCALL
> error: Undefined error: 0'
> # doesn't match '(?^:SSL error: certificate verify failed)'
>
> (That broken error message has changed since 3.0; now it's busted in a
> new way as of 3.1, I guess.)
>
> Does the test start passing if you create an empty certs directory? It
> still wouldn't explain why Daniel's setup is succeeding...
After
mkdir /usr/local/etc/openssl@3/certs
the tests pass!