On Wed, 2021-04-07 at 10:27 -0400, Tom Lane wrote:
> Michael Paquier <mich...@paquier.xyz> writes:
> > On Wed, Apr 07, 2021 at 01:17:34AM +0000, Michael Paquier wrote:
> > > Add some information about authenticated identity via log_connections
> > So, fairywren, that is able to run the SSL tests on Windows, has been
> > complaining here:
>
> prairiedog is also not happy, apparently for a different reason.
> Let me know if you need help debugging that one.

That one's failing because older OpenSSL doesn't support channel binding, and the new test I wrote forgot to check to make sure channel binding was supported... sorry. But the test doesn't truly *need* channel binding anyway; it just needs to check the interaction between SCRAM and verify-full, to ensure that the correct authn_id is set.

Patch attached, tested locally with OpenSSL 1.0.1 and 1.1.1.

--Jacob

diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index 0280d0a1ef..4eb130754e 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -104,8 +104,8 @@ $node->connect_fails( # Certificate verification at the connection level should still work fine. $node->connect_ok( - "sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=verifydb user=ssltestuser channel_binding=require", - "SCRAM with clientcert=verify-full and channel_binding=require", + "sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=verifydb user=ssltestuser", + "SCRAM with clientcert=verify-full", log_like => [ qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/ ]); # clean up
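
Review bot: In the connect_ok call, removing channel_binding=require from the connection string means the clientcert=verify-full case no longer exercises channel binding, including on builds whose OpenSSL supports it. Consider keeping the channel_binding=require form and running it only when channel binding is available, with this unconditional form alongside it. The new description "SCRAM with clientcert=verify-full" could also mention that the case checks the logged identity, since the log_like pattern on identity="ssltestuser" method=scram-sha-256 is the assertion that distinguishes it from the other connection tests.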