Обсуждение: SSL test names
Here is a patch that gives the tests in the SSL test suite proper names instead of just writing out the connection strings. So instead of # running client tests # test that the server doesn't accept non-SSL connections ok 1 - sslmode=disable (should fail) # connect without server root cert ok 2 - sslrootcert=invalid sslmode=require ok 3 - sslrootcert=invalid sslmode=verify-ca (should fail) ok 4 - sslrootcert=invalid sslmode=verify-full (should fail) you get something like # running client tests ok 1 - server doesn't accept non-SSL connections ok 2 - connect without server root cert sslmode=require ok 3 - connect without server root cert sslmode=verify-ca ok 4 - connect without server root cert sslmode=verify-full ok 5 - connect with wrong server root cert sslmode=require ok 6 - connect with wrong server root cert sslmode=verify-ca ok 7 - connect with wrong server root cert sslmode=verify-full I have found the old way very confusing while working with several SSL-related patches recently. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Вложения
On Wed, Feb 07, 2018 at 11:54:52AM -0500, Peter Eisentraut wrote: > Here is a patch that gives the tests in the SSL test suite proper names > instead of just writing out the connection strings. So instead of > > # running client tests > # test that the server doesn't accept non-SSL connections > ok 1 - sslmode=disable (should fail) > # connect without server root cert > ok 2 - sslrootcert=invalid sslmode=require > ok 3 - sslrootcert=invalid sslmode=verify-ca (should fail) > ok 4 - sslrootcert=invalid sslmode=verify-full (should fail) > > you get something like > > # running client tests > ok 1 - server doesn't accept non-SSL connections > ok 2 - connect without server root cert sslmode=require > ok 3 - connect without server root cert sslmode=verify-ca > ok 4 - connect without server root cert sslmode=verify-full > ok 5 - connect with wrong server root cert sslmode=require > ok 6 - connect with wrong server root cert sslmode=verify-ca > ok 7 - connect with wrong server root cert sslmode=verify-full > > I have found the old way very confusing while working with several > SSL-related patches recently. No objections against that. You need to update the comment on top of test_connect_ok in ServerSetup.pm. Wouldn't it be better to use the expected result as an argument and merge test_connect_ok and test_connect_fails? -- Michael
Вложения
> On 07 Feb 2018, at 17:54, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote: > I have found the old way very confusing while working with several > SSL-related patches recently. Agreed. I had similar, but way uglier, hacks in my Secure Transport branch. +1 on something like this. cheers ./daniel
On 2/7/18 23:18, Michael Paquier wrote: > You need to update the comment on top of test_connect_ok in > ServerSetup.pm. done and committed > Wouldn't it be better to use the expected result > as an argument and merge test_connect_ok and test_connect_fails? That doesn't seem to be the general style, and I think it's more readable the way it is now. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services