On Fri, Jan 4, 2019 at 3:36 AM Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote: > On 23/12/2018 09:04, Michael Paquier wrote: > > On Tue, Nov 27, 2018 at 02:21:39PM +0000, Peter Eisentraut wrote: > >> Update ssl test certificates and keys > >> > >> Debian testing and newer now require that RSA and DHE keys are at > >> least 2048 bit long and no longer allow SHA-1 for signatures in > >> certificates. This is currently causing the ssl tests to fail there > >> because the test certificates and keys have been created in violation > >> of those conditions. > >> > >> Update the parameters to create the test files and create a new set of > >> test files. > > > > Peter, would it make sense to back-patch this commit down to where the > > SSL tests have been introduced? If /etc/ssl/ is not correctly > > configured, this results in failures across branches on Debian if the > > default is used. > > done
Thanks. FWIW I've just updated eelpout (a Debian testing BF animal that runs all the extra tests including SSL) to use libssl-dev (instead of libssl1.0-dev), and cleared its accache files. Let's see if that works... -- Thomas Munro http://www.enterprisedb.com