Thread: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
PG Bug reporting form
Date:
The following bug has been logged on the website:
Bug reference: 17522
Logged by: Nazir Bilal Yavuz
Email address: byavuz81@gmail.com
PostgreSQL version: 14.4
Operating system: OpenBSD 7.1
Description:
Hi,
While installing PostgreSQL from source code, SSL tests fail on OpenBSD
7.1.
The commands I used are:
./configure \
--enable-tap-tests \
--with-ssl=openssl \
\
--with-includes=/usr/local/include --with-libs=/usr/local/lib && \
gmake -s world-bin && gmake -s check-world PG_TEST_EXTRA='ssl'
OS:
OpenBSD openbsd-trial-01 7.1 GENERIC.MP#0 amd64
OpenSSL Version:
LibreSSL 3.5.2
Error message:
t/001_ssltests.pl (Wstat: 256 Tests: 182 Failed: 1)
t/002_scram.pl ..... ok
t/003_sslinfo.pl ... ok
Logs(regress_log_001_ssltests and 001_ssltests_primary.log):
regress_log_001_ssltests(77th test fails):
[11:41:15.963](0.114s) # setting up data directory
# Checking port 60779
# Found port 60779
Name: primary
Data directory:
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
Backup directory:
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/backup
Archive directory:
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/archives
Connection string: port=60779 host=/tmp/j3eM1DJbn4
Log file:
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
# Running: initdb -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-A trust -N
The files belonging to this database system will be owned by user
"nbyavuz".
This user must also own the server process.
The database cluster will be initialized with locale "C".
The default database encoding has accordingly been set to "SQL_ASCII".
The default text search configuration will be set to "english".
Data page checksums are disabled.
creating directory
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
Sync to disk skipped.
The data directory might become corrupt if the operating system crashes.
Success. You can now start the database server using:
pg_ctl -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l logfile start
# Running:
/home/nbyavuz/postgres/src/test/ssl/../../../src/test/regress/pg_regress
--config-auth
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
### Starting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
-o --cluster-name=primary start
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 3599
[11:41:19.675](3.712s) ok 1 - ssl_library parameter
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 85461
[11:41:25.055](5.380s) # testing password-protected keys
# Running: pg_ctl -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... stopped waiting
pg_ctl: could not start server
Examine the log output.
[11:41:25.280](0.224s) ok 2 - restart fails with password-protected key file
with wrong password
# No postmaster PID for node "primary"
# Running: pg_ctl -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
pg_ctl: PID file
"/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/postmaster.pid"
does not exist
Is server running?
trying to start server anyway
waiting for server to start.... done
server started
[11:41:25.422](0.143s) ok 3 - restart succeeds with password-protected key
file
# Postmaster PID for node "primary" is 50027
# Running: pg_ctl -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... stopped waiting
pg_ctl: could not start server
Examine the log output.
[11:41:25.650](0.228s) ok 4 - restart fails with incorrect SSL protocol
bounds
# Running: pg_ctl -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
pg_ctl: PID file
"/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/postmaster.pid"
does not exist
Is server running?
trying to start server anyway
waiting for server to start.... done
server started
[11:41:25.764](0.114s) ok 5 - restart succeeds with correct SSL protocol
bounds
[11:41:25.765](0.000s) # running client tests
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 3662
[11:41:26.059](0.294s) ok 6 - server doesn't accept non-SSL connections
[11:41:26.059](0.001s) ok 7 - server doesn't accept non-SSL connections:
matches
[11:41:26.221](0.161s) ok 8 - connect without server root cert
sslmode=require
[11:41:26.221](0.000s) ok 9 - connect without server root cert
sslmode=require: no stderr
[11:41:26.249](0.028s) ok 10 - connect without server root cert
sslmode=verify-ca
[11:41:26.249](0.000s) ok 11 - connect without server root cert
sslmode=verify-ca: matches
[11:41:26.277](0.028s) ok 12 - connect without server root cert
sslmode=verify-full
[11:41:26.278](0.000s) ok 13 - connect without server root cert
sslmode=verify-full: matches
[11:41:26.315](0.037s) ok 14 - connect with wrong server root cert
sslmode=require
[11:41:26.315](0.000s) ok 15 - connect with wrong server root cert
sslmode=require: matches
[11:41:26.350](0.035s) ok 16 - connect with wrong server root cert
sslmode=verify-ca
[11:41:26.351](0.000s) ok 17 - connect with wrong server root cert
sslmode=verify-ca: matches
[11:41:26.401](0.050s) ok 18 - connect with wrong server root cert
sslmode=verify-full
[11:41:26.401](0.000s) ok 19 - connect with wrong server root cert
sslmode=verify-full: matches
[11:41:26.458](0.057s) ok 20 - connect with server CA cert, without root
CA
[11:41:26.458](0.000s) ok 21 - connect with server CA cert, without root CA:
matches
[11:41:26.515](0.057s) ok 22 - connect with correct server CA cert file
sslmode=require
[11:41:26.515](0.000s) ok 23 - connect with correct server CA cert file
sslmode=require: no stderr
[11:41:26.572](0.056s) ok 24 - connect with correct server CA cert file
sslmode=verify-ca
[11:41:26.572](0.000s) ok 25 - connect with correct server CA cert file
sslmode=verify-ca: no stderr
[11:41:26.629](0.057s) ok 26 - connect with correct server CA cert file
sslmode=verify-full
[11:41:26.630](0.000s) ok 27 - connect with correct server CA cert file
sslmode=verify-full: no stderr
[11:41:26.686](0.056s) ok 28 - cert root file that contains two
certificates, order 1
[11:41:26.686](0.000s) ok 29 - cert root file that contains two
certificates, order 1: no stderr
[11:41:26.743](0.057s) ok 30 - cert root file that contains two
certificates, order 2
[11:41:26.743](0.000s) ok 31 - cert root file that contains two
certificates, order 2: no stderr
[11:41:26.800](0.057s) ok 32 - sslcrl option with invalid file name
[11:41:26.800](0.000s) ok 33 - sslcrl option with invalid file name: no
stderr
[11:41:26.840](0.039s) ok 34 - CRL belonging to a different CA
[11:41:26.840](0.000s) ok 35 - CRL belonging to a different CA: matches
[11:41:26.895](0.055s) ok 36 - directory CRL belonging to a different CA
[11:41:26.895](0.000s) ok 37 - directory CRL belonging to a different CA:
matches
[11:41:26.952](0.057s) ok 38 - CRL with a non-revoked cert
[11:41:26.952](0.000s) ok 39 - CRL with a non-revoked cert: no stderr
[11:41:27.009](0.057s) ok 40 - directory CRL with a non-revoked cert
[11:41:27.010](0.000s) ok 41 - directory CRL with a non-revoked cert: no
stderr
[11:41:27.066](0.056s) ok 42 - mismatch between host name and server
certificate sslmode=require
[11:41:27.066](0.000s) ok 43 - mismatch between host name and server
certificate sslmode=require: no stderr
[11:41:27.123](0.057s) ok 44 - mismatch between host name and server
certificate sslmode=verify-ca
[11:41:27.124](0.000s) ok 45 - mismatch between host name and server
certificate sslmode=verify-ca: no stderr
[11:41:27.170](0.047s) ok 46 - mismatch between host name and server
certificate sslmode=verify-full
[11:41:27.171](0.000s) ok 47 - mismatch between host name and server
certificate sslmode=verify-full: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 70825
[11:41:27.455](0.285s) ok 48 - IP address in the Common Name
[11:41:27.456](0.000s) ok 49 - IP address in the Common Name: no stderr
[11:41:27.503](0.047s) ok 50 - mismatch between host name and server
certificate IP address
[11:41:27.503](0.001s) ok 51 - mismatch between host name and server
certificate IP address: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 8665
[11:41:27.788](0.285s) ok 52 - IP address in a dNSName
[11:41:27.789](0.000s) ok 53 - IP address in a dNSName: no stderr
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 92989
[11:41:28.073](0.284s) ok 54 - host name matching with X.509 Subject
Alternative Names 1
[11:41:28.073](0.000s) ok 55 - host name matching with X.509 Subject
Alternative Names 1: no stderr
[11:41:28.130](0.057s) ok 56 - host name matching with X.509 Subject
Alternative Names 2
[11:41:28.130](0.000s) ok 57 - host name matching with X.509 Subject
Alternative Names 2: no stderr
[11:41:28.187](0.057s) ok 58 - host name matching with X.509 Subject
Alternative Names wildcard
[11:41:28.187](0.000s) ok 59 - host name matching with X.509 Subject
Alternative Names wildcard: no stderr
[11:41:28.235](0.047s) ok 60 - host name not matching with X.509 Subject
Alternative Names
[11:41:28.235](0.001s) ok 61 - host name not matching with X.509 Subject
Alternative Names: matches
[11:41:28.282](0.047s) ok 62 - host name not matching with X.509 Subject
Alternative Names wildcard
[11:41:28.283](0.001s) ok 63 - host name not matching with X.509 Subject
Alternative Names wildcard: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 36115
[11:41:28.567](0.285s) ok 64 - host name matching with a single X.509
Subject Alternative Name
[11:41:28.567](0.000s) ok 65 - host name matching with a single X.509
Subject Alternative Name: no stderr
[11:41:28.614](0.047s) ok 66 - host name not matching with a single X.509
Subject Alternative Name
[11:41:28.615](0.000s) ok 67 - host name not matching with a single X.509
Subject Alternative Name: matches
[11:41:28.662](0.047s) ok 68 - host name not matching with a single X.509
Subject Alternative Name wildcard
[11:41:28.663](0.000s) ok 69 - host name not matching with a single X.509
Subject Alternative Name wildcard: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 16329
[11:41:28.957](0.294s) ok 70 - host matching an IPv4 address (Subject
Alternative Name 1)
[11:41:28.957](0.000s) ok 71 - host matching an IPv4 address (Subject
Alternative Name 1): no stderr
[11:41:29.014](0.057s) ok 72 - host matching an IPv4 address in alternate
form (Subject Alternative Name 1)
[11:41:29.014](0.000s) ok 73 - host matching an IPv4 address in alternate
form (Subject Alternative Name 1): no stderr
[11:41:29.061](0.047s) ok 74 - host not matching an IPv4 address (Subject
Alternative Name 1)
[11:41:29.062](0.000s) ok 75 - host not matching an IPv4 address (Subject
Alternative Name 1): matches
[11:41:29.099](0.037s) ok 76 - IPv4 host with CIDR mask does not match
[11:41:29.100](0.001s) not ok 77 - IPv4 host with CIDR mask does not match:
matches
[11:41:29.100](0.000s)
[11:41:29.100](0.000s) # Failed test 'IPv4 host with CIDR mask does not
match: matches'
# at t/001_ssltests.pl line 336.
[11:41:29.100](0.000s) # 'psql: error: connection to
server at "127.0.0.1", port 60779 failed: could not set SSL Server Name
Indication (SNI): ssl3 ext invalid servername'
# doesn't match '(?^:server\ certificate\ for\ \"192\.0\.2\.1\"\ \(and\
1\ other\ name\)\ does\ not\ match\ host\ name\ \"192\.0\.2\.1\/32\")'
[11:41:29.156](0.056s) ok 78 - host matching an IPv6 address (Subject
Alternative Name 2)
[11:41:29.157](0.000s) ok 79 - host matching an IPv6 address (Subject
Alternative Name 2): no stderr
[11:41:29.213](0.056s) ok 80 - host matching an IPv6 address in alternate
form (Subject Alternative Name 2)
[11:41:29.213](0.000s) ok 81 - host matching an IPv6 address in alternate
form (Subject Alternative Name 2): no stderr
[11:41:29.270](0.057s) ok 82 - host matching an IPv6 address in mixed form
(Subject Alternative Name 2)
[11:41:29.270](0.000s) ok 83 - host matching an IPv6 address in mixed form
(Subject Alternative Name 2): no stderr
[11:41:29.318](0.047s) ok 84 - host not matching an IPv6 address (Subject
Alternative Name 2)
[11:41:29.318](0.000s) ok 85 - host not matching an IPv6 address (Subject
Alternative Name 2): matches
[11:41:29.365](0.047s) ok 86 - IPv6 host with CIDR mask does not match
[11:41:29.365](0.000s) ok 87 - IPv6 host with CIDR mask does not match:
matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 72297
[11:41:29.650](0.285s) ok 88 - certificate with both a CN and SANs 1
[11:41:29.650](0.000s) ok 89 - certificate with both a CN and SANs 1: no
stderr
[11:41:29.707](0.057s) ok 90 - certificate with both a CN and SANs 2
[11:41:29.708](0.000s) ok 91 - certificate with both a CN and SANs 2: no
stderr
[11:41:29.755](0.047s) ok 92 - certificate with both a CN and SANs ignores
CN
[11:41:29.755](0.000s) ok 93 - certificate with both a CN and SANs ignores
CN: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 78347
[11:41:30.068](0.313s) ok 94 - certificate with both a CN and IP SANs
matches CN
[11:41:30.068](0.000s) ok 95 - certificate with both a CN and IP SANs
matches CN: no stderr
[11:41:30.125](0.057s) ok 96 - certificate with both a CN and IP SANs
matches SAN 1
[11:41:30.126](0.000s) ok 97 - certificate with both a CN and IP SANs
matches SAN 1: no stderr
[11:41:30.182](0.056s) ok 98 - certificate with both a CN and IP SANs
matches SAN 2
[11:41:30.182](0.000s) ok 99 - certificate with both a CN and IP SANs
matches SAN 2: no stderr
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 11103
[11:41:30.467](0.285s) ok 100 - certificate with both an IP CN and IP SANs
1
[11:41:30.468](0.000s) ok 101 - certificate with both an IP CN and IP SANs
1: no stderr
[11:41:30.524](0.056s) ok 102 - certificate with both an IP CN and IP SANs
2
[11:41:30.524](0.000s) ok 103 - certificate with both an IP CN and IP SANs
2: no stderr
[11:41:30.572](0.047s) ok 104 - certificate with both an IP CN and IP SANs
ignores CN
[11:41:30.572](0.000s) ok 105 - certificate with both an IP CN and IP SANs
ignores CN: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 51804
[11:41:30.857](0.285s) ok 106 - certificate with both an IP CN and DNS SANs
matches CN
[11:41:30.857](0.000s) ok 107 - certificate with both an IP CN and DNS SANs
matches CN: no stderr
[11:41:30.914](0.056s) ok 108 - certificate with both an IP CN and DNS SANs
matches SAN 1
[11:41:30.914](0.000s) ok 109 - certificate with both an IP CN and DNS SANs
matches SAN 1: no stderr
[11:41:30.971](0.057s) ok 110 - certificate with both an IP CN and DNS SANs
matches SAN 2
[11:41:30.971](0.000s) ok 111 - certificate with both an IP CN and DNS SANs
matches SAN 2: no stderr
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 44894
[11:41:31.256](0.284s) ok 112 - server certificate without CN or SANs
sslmode=verify-ca
[11:41:31.256](0.000s) ok 113 - server certificate without CN or SANs
sslmode=verify-ca: no stderr
[11:41:31.313](0.057s) ok 114 - server certificate without CN or SANs
sslmode=verify-full
[11:41:31.313](0.000s) ok 115 - server certificate without CN or SANs
sslmode=verify-full: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 76454
[11:41:31.598](0.285s) ok 116 - connects without client-side CRL
[11:41:31.598](0.000s) ok 117 - connects without client-side CRL: no
stderr
[11:41:31.634](0.036s) ok 118 - does not connect with client-side CRL file
[11:41:31.635](0.000s) ok 119 - does not connect with client-side CRL file:
matches
[11:41:31.702](0.067s) ok 120 - does not connect with client-side CRL
directory
[11:41:31.703](0.000s) ok 121 - does not connect with client-side CRL
directory: matches
# Running: psql -X -A -F , -P null=_null_ -d sslkey=invalid sslcert=invalid
sslrootcert=invalid sslcrl=invalid sslcrldir=invalid user=ssltestuser
dbname=trustdb hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=invalid -c SELECT * FROM pg_stat_ssl WHERE pid =
pg_backend_pid()
[11:41:31.759](0.056s) ok 122 - pg_stat_ssl view without client certificate:
exit code 0
[11:41:31.759](0.001s) ok 123 - pg_stat_ssl view without client certificate:
no stderr
[11:41:31.760](0.000s) ok 124 - pg_stat_ssl view without client certificate:
matches
[11:41:31.949](0.190s) ok 125 - connection success with correct range of TLS
protocol versions
[11:41:31.950](0.000s) ok 126 - connection success with correct range of TLS
protocol versions: no stderr
[11:41:31.978](0.028s) ok 127 - connection failure with incorrect range of
TLS protocol versions
[11:41:31.978](0.000s) ok 128 - connection failure with incorrect range of
TLS protocol versions: matches
[11:41:32.006](0.028s) ok 129 - connection failure with an incorrect SSL
protocol minimum bound
[11:41:32.007](0.000s) ok 130 - connection failure with an incorrect SSL
protocol minimum bound: matches
[11:41:32.035](0.028s) ok 131 - connection failure with an incorrect SSL
protocol maximum bound
[11:41:32.035](0.000s) ok 132 - connection failure with an incorrect SSL
protocol maximum bound: matches
[11:41:32.036](0.000s) # running server tests
[11:41:32.092](0.056s) ok 133 - certificate authorization fails without
client cert
[11:41:32.092](0.000s) ok 134 - certificate authorization fails without
client cert: matches
[11:41:32.187](0.094s) ok 135 - certificate authorization succeeds with
correct client cert in PEM format
[11:41:32.187](0.000s) ok 136 - certificate authorization succeeds with
correct client cert in PEM format: no stderr
[11:41:32.272](0.085s) ok 137 - certificate authorization succeeds with
correct client cert in DER format
[11:41:32.272](0.000s) ok 138 - certificate authorization succeeds with
correct client cert in DER format: no stderr
[11:41:32.329](0.057s) ok 139 - certificate authorization succeeds with
correct client cert in encrypted PEM format
[11:41:32.330](0.000s) ok 140 - certificate authorization succeeds with
correct client cert in encrypted PEM format: no stderr
[11:41:32.386](0.057s) ok 141 - certificate authorization succeeds with
correct client cert in encrypted DER format
[11:41:32.387](0.000s) ok 142 - certificate authorization succeeds with
correct client cert in encrypted DER format: no stderr
[11:41:32.424](0.038s) ok 143 - certificate authorization fails with correct
client cert and wrong password in encrypted PEM format
[11:41:32.425](0.000s) ok 144 - certificate authorization fails with correct
client cert and wrong password in encrypted PEM format: matches
[11:41:32.548](0.123s) ok 145 - certificate authorization succeeds with DN
mapping
[11:41:32.548](0.000s) ok 146 - certificate authorization succeeds with DN
mapping: no stderr
[11:41:32.549](0.001s) ok 147 - certificate authorization succeeds with DN
mapping: log matches
[11:41:32.633](0.085s) ok 148 - certificate authorization succeeds with DN
regex mapping
[11:41:32.634](0.000s) ok 149 - certificate authorization succeeds with DN
regex mapping: no stderr
[11:41:32.709](0.076s) ok 150 - certificate authorization succeeds with CN
mapping
[11:41:32.710](0.000s) ok 151 - certificate authorization succeeds with CN
mapping: no stderr
[11:41:32.710](0.000s) ok 152 - certificate authorization succeeds with CN
mapping: log matches
[11:41:32.711](0.001s) not ok 153 # TODO & SKIP Need Pty support
[11:41:32.711](0.000s) not ok 154 # TODO & SKIP Need Pty support
[11:41:32.711](0.000s) not ok 155 # TODO & SKIP Need Pty support
[11:41:32.711](0.000s) not ok 156 # TODO & SKIP Need Pty support
Hexadecimal number > 0xffffffff non-portable at t/001_ssltests.pl line
628.
# Running: psql -X -A -F , -P null=_null_ -d sslkey=invalid sslcert=invalid
sslrootcert=invalid sslcrl=invalid sslcrldir=invalid
sslrootcert=ssl/root+server_ca.crt sslmode=require dbname=certdb
hostaddr=127.0.0.1 host=localhost user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client.key
-c SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()
[11:41:32.861](0.149s) ok 157 - pg_stat_ssl with client certificate: exit
code 0
[11:41:32.861](0.001s) ok 158 - pg_stat_ssl with client certificate: no
stderr
[11:41:32.862](0.000s) ok 159 - pg_stat_ssl with client certificate:
matches
[11:41:32.899](0.038s) ok 160 - certificate authorization fails because of
file permissions
[11:41:32.900](0.001s) ok 161 - certificate authorization fails because of
file permissions: matches
[11:41:32.956](0.056s) ok 162 - certificate authorization fails with client
cert belonging to another user
[11:41:32.957](0.000s) ok 163 - certificate authorization fails with client
cert belonging to another user: matches
[11:41:32.957](0.000s) ok 164 - certificate authorization fails with client
cert belonging to another user: log matches
[11:41:33.013](0.056s) ok 165 - certificate authorization fails with revoked
client cert
[11:41:33.014](0.000s) ok 166 - certificate authorization fails with revoked
client cert: matches
[11:41:33.014](0.000s) ok 167 - certificate authorization fails with revoked
client cert: log does not match
[11:41:33.089](0.075s) ok 168 - auth_option clientcert=verify-full succeeds
with matching username and Common Name
[11:41:33.090](0.000s) ok 169 - auth_option clientcert=verify-full succeeds
with matching username and Common Name: no stderr
[11:41:33.090](0.001s) ok 170 - auth_option clientcert=verify-full succeeds
with matching username and Common Name: log does not match
[11:41:33.146](0.056s) ok 171 - auth_option clientcert=verify-full fails
with mismatching username and Common Name
[11:41:33.147](0.000s) ok 172 - auth_option clientcert=verify-full fails
with mismatching username and Common Name: matches
[11:41:33.147](0.000s) ok 173 - auth_option clientcert=verify-full fails
with mismatching username and Common Name: log does not match
[11:41:33.213](0.066s) ok 174 - auth_option clientcert=verify-ca succeeds
with mismatching username and Common Name
[11:41:33.214](0.001s) ok 175 - auth_option clientcert=verify-ca succeeds
with mismatching username and Common Name: no stderr
[11:41:33.214](0.001s) ok 176 - auth_option clientcert=verify-ca succeeds
with mismatching username and Common Name: log does not match
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 41620
[11:41:33.507](0.293s) ok 177 - intermediate client certificate is provided
by client
[11:41:33.508](0.000s) ok 178 - intermediate client certificate is provided
by client: no stderr
[11:41:33.564](0.057s) ok 179 - intermediate client certificate is missing
[11:41:33.565](0.001s) ok 180 - intermediate client certificate is missing:
matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/nbyavuz/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 11261
[11:41:33.830](0.266s) ok 181 - certificate authorization fails with revoked
client cert with server-side CRL directory
[11:41:33.831](0.000s) ok 182 - certificate authorization fails with revoked
client cert with server-side CRL directory: matches
[11:41:33.831](0.001s) 1..182
### Stopping node "primary" using mode immediate
# Running: pg_ctl -D
/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-m immediate stop
waiting for server to shut down.... done
server stopped
# No postmaster PID for node "primary"
[11:41:33.936](0.105s) # Looks like you failed 1 test of 182.
001_ssltests_primary.log:
2022-06-17 11:41:19.555 UTC [3599] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:19.560 UTC [3599] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:19.566 UTC [91568] LOG: database system was shut down at
2022-06-17 11:41:19 UTC
2022-06-17 11:41:19.577 UTC [3599] LOG: database system is ready to accept
connections
2022-06-17 11:41:19.660 UTC [84074] 001_ssltests.pl LOG: statement: SHOW
ssl_library
2022-06-17 11:41:19.688 UTC [99895] 001_ssltests.pl LOG: statement: CREATE
USER ssltestuser
2022-06-17 11:41:19.705 UTC [72146] 001_ssltests.pl LOG: statement: CREATE
USER md5testuser
2022-06-17 11:41:19.724 UTC [88214] 001_ssltests.pl LOG: statement: CREATE
USER anotheruser
2022-06-17 11:41:19.743 UTC [68479] 001_ssltests.pl LOG: statement: CREATE
USER yetanotheruser
2022-06-17 11:41:19.762 UTC [78282] 001_ssltests.pl LOG: statement: CREATE
DATABASE trustdb
2022-06-17 11:41:20.522 UTC [32871] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb
2022-06-17 11:41:21.283 UTC [34104] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb_dn
2022-06-17 11:41:22.042 UTC [90910] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb_dn_re
2022-06-17 11:41:22.803 UTC [56551] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb_cn
2022-06-17 11:41:23.562 UTC [45859] 001_ssltests.pl LOG: statement: CREATE
DATABASE verifydb
2022-06-17 11:41:24.637 UTC [3599] LOG: received fast shutdown request
2022-06-17 11:41:24.637 UTC [3599] LOG: aborting any active transactions
2022-06-17 11:41:24.640 UTC [3599] LOG: background worker "logical
replication launcher" (PID 33986) exited with exit code 1
2022-06-17 11:41:24.641 UTC [82217] LOG: shutting down
2022-06-17 11:41:24.641 UTC [82217] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:24.916 UTC [82217] LOG: checkpoint complete: wrote 4438
buffers (27.1%); 0 WAL file(s) added, 0 removed, 2 recycled; write=0.252 s,
sync=0.001 s, total=0.276 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=35720 kB, estimate=35720 kB
2022-06-17 11:41:24.947 UTC [3599] LOG: database system is shut down
2022-06-17 11:41:24.974 UTC [85461] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:24.974 UTC [85461] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:24.979 UTC [85461] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:24.985 UTC [67821] LOG: database system was shut down at
2022-06-17 11:41:24 UTC
2022-06-17 11:41:25.002 UTC [85461] LOG: database system is ready to accept
connections
2022-06-17 11:41:25.062 UTC [85461] LOG: received fast shutdown request
2022-06-17 11:41:25.062 UTC [85461] LOG: aborting any active transactions
2022-06-17 11:41:25.064 UTC [85461] LOG: background worker "logical
replication launcher" (PID 95840) exited with exit code 1
2022-06-17 11:41:25.064 UTC [41277] LOG: shutting down
2022-06-17 11:41:25.065 UTC [41277] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:25.072 UTC [41277] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.008 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:25.093 UTC [85461] LOG: database system is shut down
2022-06-17 11:41:25.186 UTC [26725] FATAL: could not load private key file
"server-password.key": bad decrypt
2022-06-17 11:41:25.189 UTC [26725] LOG: database system is shut down
2022-06-17 11:41:25.330 UTC [50027] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:25.330 UTC [50027] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:25.340 UTC [50027] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:25.346 UTC [79735] LOG: database system was shut down at
2022-06-17 11:41:25 UTC
2022-06-17 11:41:25.357 UTC [50027] LOG: database system is ready to accept
connections
2022-06-17 11:41:25.429 UTC [50027] LOG: received fast shutdown request
2022-06-17 11:41:25.429 UTC [50027] LOG: aborting any active transactions
2022-06-17 11:41:25.431 UTC [50027] LOG: background worker "logical
replication launcher" (PID 47216) exited with exit code 1
2022-06-17 11:41:25.431 UTC [62413] LOG: shutting down
2022-06-17 11:41:25.431 UTC [62413] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:25.441 UTC [62413] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.010 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:25.461 UTC [50027] LOG: database system is shut down
2022-06-17 11:41:25.548 UTC [87729] FATAL: could not set maximum SSL
protocol version
2022-06-17 11:41:25.550 UTC [87729] LOG: database system is shut down
2022-06-17 11:41:25.693 UTC [22730] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:25.693 UTC [22730] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:25.698 UTC [22730] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:25.703 UTC [10004] LOG: database system was shut down at
2022-06-17 11:41:25 UTC
2022-06-17 11:41:25.715 UTC [22730] LOG: database system is ready to accept
connections
2022-06-17 11:41:25.771 UTC [22730] LOG: received fast shutdown request
2022-06-17 11:41:25.772 UTC [22730] LOG: aborting any active transactions
2022-06-17 11:41:25.773 UTC [22730] LOG: background worker "logical
replication launcher" (PID 68210) exited with exit code 1
2022-06-17 11:41:25.774 UTC [23030] LOG: shutting down
2022-06-17 11:41:25.774 UTC [23030] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:25.785 UTC [23030] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.012 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:25.808 UTC [22730] LOG: database system is shut down
2022-06-17 11:41:25.903 UTC [3662] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:25.903 UTC [3662] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:25.907 UTC [3662] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:25.913 UTC [31118] LOG: database system was shut down at
2022-06-17 11:41:25 UTC
2022-06-17 11:41:25.925 UTC [3662] LOG: database system is ready to accept
connections
2022-06-17 11:41:26.040 UTC [15442] [unknown] LOG: connection received:
host=localhost port=42016
2022-06-17 11:41:26.042 UTC [15442] [unknown] FATAL: no pg_hba.conf entry
for host "127.0.0.1", user "ssltestuser", database "trustdb", no
encryption
2022-06-17 11:41:26.042 UTC [15442] [unknown] DETAIL: Client IP address
resolved to "localhost", forward lookup not checked.
2022-06-17 11:41:26.068 UTC [85066] [unknown] LOG: connection received:
host=localhost port=35896
2022-06-17 11:41:26.179 UTC [85066] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.199 UTC [85066] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test sslrootcert=invalid
sslmode=require$$
2022-06-17 11:41:26.230 UTC [66836] [unknown] LOG: connection received:
host=localhost port=24098
2022-06-17 11:41:26.236 UTC [66836] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-06-17 11:41:26.258 UTC [13616] [unknown] LOG: connection received:
host=localhost port=28343
2022-06-17 11:41:26.266 UTC [13616] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-06-17 11:41:26.287 UTC [22983] [unknown] LOG: connection received:
host=localhost port=31738
2022-06-17 11:41:26.313 UTC [22983] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-06-17 11:41:26.324 UTC [17252] [unknown] LOG: connection received:
host=localhost port=35043
2022-06-17 11:41:26.348 UTC [17252] [unknown] LOG: could not accept SSL
connection: Broken pipe
2022-06-17 11:41:26.359 UTC [88052] [unknown] LOG: connection received:
host=localhost port=7219
2022-06-17 11:41:26.383 UTC [88052] [unknown] LOG: could not accept SSL
connection: Broken pipe
2022-06-17 11:41:26.410 UTC [59134] [unknown] LOG: connection received:
host=localhost port=7268
2022-06-17 11:41:26.437 UTC [59134] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-06-17 11:41:26.467 UTC [74381] [unknown] LOG: connection received:
host=localhost port=10564
2022-06-17 11:41:26.494 UTC [74381] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.496 UTC [74381] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=require$$
2022-06-17 11:41:26.524 UTC [25761] [unknown] LOG: connection received:
host=localhost port=18010
2022-06-17 11:41:26.552 UTC [25761] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.555 UTC [25761] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca$$
2022-06-17 11:41:26.581 UTC [1453] [unknown] LOG: connection received:
host=localhost port=12949
2022-06-17 11:41:26.607 UTC [1453] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.609 UTC [1453] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-full$$
2022-06-17 11:41:26.638 UTC [22297] [unknown] LOG: connection received:
host=localhost port=25255
2022-06-17 11:41:26.665 UTC [22297] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.667 UTC [22297] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/both-cas-1.crt sslmode=verify-ca$$
2022-06-17 11:41:26.695 UTC [16039] [unknown] LOG: connection received:
host=localhost port=40890
2022-06-17 11:41:26.721 UTC [16039] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.723 UTC [16039] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/both-cas-2.crt sslmode=verify-ca$$
2022-06-17 11:41:26.752 UTC [60969] [unknown] LOG: connection received:
host=localhost port=4716
2022-06-17 11:41:26.778 UTC [60969] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.780 UTC [60969] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=invalid$$
2022-06-17 11:41:26.810 UTC [7888] [unknown] LOG: connection received:
host=localhost port=22630
2022-06-17 11:41:26.837 UTC [7888] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-06-17 11:41:26.849 UTC [5551] [unknown] LOG: connection received:
host=localhost port=31611
2022-06-17 11:41:26.875 UTC [5551] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-06-17 11:41:26.904 UTC [90748] [unknown] LOG: connection received:
host=localhost port=41945
2022-06-17 11:41:26.932 UTC [90748] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.935 UTC [90748] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca
sslcrl=ssl/root+server.crl$$
2022-06-17 11:41:26.962 UTC [79027] [unknown] LOG: connection received:
host=localhost port=12761
2022-06-17 11:41:26.989 UTC [79027] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:26.991 UTC [79027] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca
sslcrldir=ssl/root+server-crldir$$
2022-06-17 11:41:27.019 UTC [7399] [unknown] LOG: connection received:
host=localhost port=17594
2022-06-17 11:41:27.044 UTC [7399] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:27.046 UTC [7399] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=require
host=wronghost.test$$
2022-06-17 11:41:27.075 UTC [27584] [unknown] LOG: connection received:
host=localhost port=28008
2022-06-17 11:41:27.101 UTC [27584] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:27.103 UTC [27584] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-ca
host=wronghost.test$$
2022-06-17 11:41:27.133 UTC [30772] [unknown] LOG: connection received:
host=localhost port=5907
2022-06-17 11:41:27.178 UTC [3662] LOG: received fast shutdown request
2022-06-17 11:41:27.178 UTC [3662] LOG: aborting any active transactions
2022-06-17 11:41:27.179 UTC [3662] LOG: background worker "logical
replication launcher" (PID 71399) exited with exit code 1
2022-06-17 11:41:27.180 UTC [2584] LOG: shutting down
2022-06-17 11:41:27.181 UTC [2584] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:27.188 UTC [2584] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.008 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:27.211 UTC [3662] LOG: database system is shut down
2022-06-17 11:41:27.310 UTC [70825] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:27.310 UTC [70825] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:27.315 UTC [70825] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:27.321 UTC [60084] LOG: database system was shut down at
2022-06-17 11:41:27 UTC
2022-06-17 11:41:27.337 UTC [70825] LOG: database system is ready to accept
connections
2022-06-17 11:41:27.389 UTC [39846] [unknown] LOG: connection received:
host=localhost port=33879
2022-06-17 11:41:27.415 UTC [39846] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:27.436 UTC [39846] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.0.2.1$$
2022-06-17 11:41:27.465 UTC [3188] [unknown] LOG: connection received:
host=localhost port=43639
2022-06-17 11:41:27.510 UTC [70825] LOG: received fast shutdown request
2022-06-17 11:41:27.510 UTC [70825] LOG: aborting any active transactions
2022-06-17 11:41:27.513 UTC [70825] LOG: background worker "logical
replication launcher" (PID 52233) exited with exit code 1
2022-06-17 11:41:27.513 UTC [81857] LOG: shutting down
2022-06-17 11:41:27.513 UTC [81857] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:27.521 UTC [81857] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.008 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:27.541 UTC [70825] LOG: database system is shut down
2022-06-17 11:41:27.643 UTC [8665] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:27.643 UTC [8665] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:27.647 UTC [8665] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:27.652 UTC [91997] LOG: database system was shut down at
2022-06-17 11:41:27 UTC
2022-06-17 11:41:27.669 UTC [8665] LOG: database system is ready to accept
connections
2022-06-17 11:41:27.722 UTC [11512] [unknown] LOG: connection received:
host=localhost port=7969
2022-06-17 11:41:27.748 UTC [11512] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:27.770 UTC [11512] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.0.2.1$$
2022-06-17 11:41:27.796 UTC [8665] LOG: received fast shutdown request
2022-06-17 11:41:27.796 UTC [8665] LOG: aborting any active transactions
2022-06-17 11:41:27.798 UTC [8665] LOG: background worker "logical
replication launcher" (PID 53119) exited with exit code 1
2022-06-17 11:41:27.798 UTC [6310] LOG: shutting down
2022-06-17 11:41:27.798 UTC [6310] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:27.808 UTC [6310] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.010 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:27.828 UTC [8665] LOG: database system is shut down
2022-06-17 11:41:27.925 UTC [92989] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:27.925 UTC [92989] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:27.930 UTC [92989] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:27.935 UTC [35440] LOG: database system was shut down at
2022-06-17 11:41:27 UTC
2022-06-17 11:41:27.952 UTC [92989] LOG: database system is ready to accept
connections
2022-06-17 11:41:28.006 UTC [88293] [unknown] LOG: connection received:
host=localhost port=18104
2022-06-17 11:41:28.032 UTC [88293] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:28.051 UTC [88293] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns1.alt-name.pg-ssltest.test$$
2022-06-17 11:41:28.082 UTC [57200] [unknown] LOG: connection received:
host=localhost port=45622
2022-06-17 11:41:28.109 UTC [57200] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:28.111 UTC [57200] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns2.alt-name.pg-ssltest.test$$
2022-06-17 11:41:28.139 UTC [21427] [unknown] LOG: connection received:
host=localhost port=22541
2022-06-17 11:41:28.166 UTC [21427] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:28.169 UTC [21427] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=foo.wildcard.pg-ssltest.test$$
2022-06-17 11:41:28.197 UTC [70804] [unknown] LOG: connection received:
host=localhost port=40533
2022-06-17 11:41:28.244 UTC [89045] [unknown] LOG: connection received:
host=localhost port=47885
2022-06-17 11:41:28.290 UTC [92989] LOG: received fast shutdown request
2022-06-17 11:41:28.290 UTC [92989] LOG: aborting any active transactions
2022-06-17 11:41:28.292 UTC [92989] LOG: background worker "logical
replication launcher" (PID 39291) exited with exit code 1
2022-06-17 11:41:28.292 UTC [47704] LOG: shutting down
2022-06-17 11:41:28.292 UTC [47704] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:28.301 UTC [47704] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.009 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:28.325 UTC [92989] LOG: database system is shut down
2022-06-17 11:41:28.420 UTC [36115] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:28.420 UTC [36115] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:28.424 UTC [36115] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:28.429 UTC [35498] LOG: database system was shut down at
2022-06-17 11:41:28 UTC
2022-06-17 11:41:28.443 UTC [36115] LOG: database system is ready to accept
connections
2022-06-17 11:41:28.500 UTC [2647] [unknown] LOG: connection received:
host=localhost port=37073
2022-06-17 11:41:28.527 UTC [2647] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:28.546 UTC [2647] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=single.alt-name.pg-ssltest.test$$
2022-06-17 11:41:28.576 UTC [81617] [unknown] LOG: connection received:
host=localhost port=43340
2022-06-17 11:41:28.624 UTC [63450] [unknown] LOG: connection received:
host=localhost port=30939
2022-06-17 11:41:28.679 UTC [36115] LOG: received fast shutdown request
2022-06-17 11:41:28.679 UTC [36115] LOG: aborting any active transactions
2022-06-17 11:41:28.682 UTC [36115] LOG: background worker "logical
replication launcher" (PID 71329) exited with exit code 1
2022-06-17 11:41:28.682 UTC [85867] LOG: shutting down
2022-06-17 11:41:28.682 UTC [85867] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:28.690 UTC [85867] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.009 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:28.710 UTC [36115] LOG: database system is shut down
2022-06-17 11:41:28.812 UTC [16329] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:28.812 UTC [16329] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:28.817 UTC [16329] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:28.822 UTC [77896] LOG: database system was shut down at
2022-06-17 11:41:28 UTC
2022-06-17 11:41:28.839 UTC [16329] LOG: database system is ready to accept
connections
2022-06-17 11:41:28.890 UTC [19765] [unknown] LOG: connection received:
host=localhost port=16839
2022-06-17 11:41:28.915 UTC [19765] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:28.935 UTC [19765] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.0.2.1$$
2022-06-17 11:41:28.966 UTC [68733] [unknown] LOG: connection received:
host=localhost port=19018
2022-06-17 11:41:28.992 UTC [68733] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:28.994 UTC [68733] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.000.002.001$$
2022-06-17 11:41:29.023 UTC [47936] [unknown] LOG: connection received:
host=localhost port=11131
2022-06-17 11:41:29.070 UTC [88014] [unknown] LOG: connection received:
host=localhost port=45722
2022-06-17 11:41:29.079 UTC [88014] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-06-17 11:41:29.109 UTC [8786] [unknown] LOG: connection received:
host=localhost port=33286
2022-06-17 11:41:29.135 UTC [8786] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:29.137 UTC [8786] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=2001:DB8::1$$
2022-06-17 11:41:29.166 UTC [17365] [unknown] LOG: connection received:
host=localhost port=17614
2022-06-17 11:41:29.191 UTC [17365] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:29.193 UTC [17365] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=2001:db8:0:0:0:0:0:1$$
2022-06-17 11:41:29.222 UTC [39750] [unknown] LOG: connection received:
host=localhost port=32076
2022-06-17 11:41:29.250 UTC [39750] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:29.253 UTC [39750] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=2001:db8::0.0.0.1$$
2022-06-17 11:41:29.279 UTC [97578] [unknown] LOG: connection received:
host=localhost port=11656
2022-06-17 11:41:29.327 UTC [4085] [unknown] LOG: connection received:
host=localhost port=17670
2022-06-17 11:41:29.372 UTC [16329] LOG: received fast shutdown request
2022-06-17 11:41:29.372 UTC [16329] LOG: aborting any active transactions
2022-06-17 11:41:29.374 UTC [16329] LOG: background worker "logical
replication launcher" (PID 46756) exited with exit code 1
2022-06-17 11:41:29.375 UTC [4330] LOG: shutting down
2022-06-17 11:41:29.375 UTC [4330] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:29.383 UTC [4330] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.009 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:29.404 UTC [16329] LOG: database system is shut down
2022-06-17 11:41:29.505 UTC [72297] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:29.505 UTC [72297] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:29.510 UTC [72297] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:29.516 UTC [50268] LOG: database system was shut down at
2022-06-17 11:41:29 UTC
2022-06-17 11:41:29.532 UTC [72297] LOG: database system is ready to accept
connections
2022-06-17 11:41:29.584 UTC [32470] [unknown] LOG: connection received:
host=localhost port=38919
2022-06-17 11:41:29.611 UTC [32470] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:29.631 UTC [32470] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns1.alt-name.pg-ssltest.test$$
2022-06-17 11:41:29.660 UTC [66739] [unknown] LOG: connection received:
host=localhost port=32896
2022-06-17 11:41:29.686 UTC [66739] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:29.689 UTC [66739] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns2.alt-name.pg-ssltest.test$$
2022-06-17 11:41:29.717 UTC [77143] [unknown] LOG: connection received:
host=localhost port=32697
2022-06-17 11:41:29.782 UTC [72297] LOG: received fast shutdown request
2022-06-17 11:41:29.782 UTC [72297] LOG: aborting any active transactions
2022-06-17 11:41:29.785 UTC [72297] LOG: background worker "logical
replication launcher" (PID 30496) exited with exit code 1
2022-06-17 11:41:29.785 UTC [50777] LOG: shutting down
2022-06-17 11:41:29.785 UTC [50777] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:29.796 UTC [50777] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.011 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:29.817 UTC [72297] LOG: database system is shut down
2022-06-17 11:41:29.921 UTC [78347] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:29.921 UTC [78347] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:29.926 UTC [78347] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:29.931 UTC [42086] LOG: database system was shut down at
2022-06-17 11:41:29 UTC
2022-06-17 11:41:29.948 UTC [78347] LOG: database system is ready to accept
connections
2022-06-17 11:41:30.002 UTC [67653] [unknown] LOG: connection received:
host=localhost port=25293
2022-06-17 11:41:30.027 UTC [67653] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.047 UTC [67653] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=common-name.pg-ssltest.test$$
2022-06-17 11:41:30.079 UTC [42393] [unknown] LOG: connection received:
host=localhost port=44334
2022-06-17 11:41:30.107 UTC [42393] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.109 UTC [42393] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.0.2.1$$
2022-06-17 11:41:30.136 UTC [976] [unknown] LOG: connection received:
host=localhost port=18090
2022-06-17 11:41:30.163 UTC [976] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.165 UTC [976] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=2001:db8::1$$
2022-06-17 11:41:30.190 UTC [78347] LOG: received fast shutdown request
2022-06-17 11:41:30.190 UTC [78347] LOG: aborting any active transactions
2022-06-17 11:41:30.191 UTC [78347] LOG: background worker "logical
replication launcher" (PID 92912) exited with exit code 1
2022-06-17 11:41:30.192 UTC [82153] LOG: shutting down
2022-06-17 11:41:30.192 UTC [82153] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:30.203 UTC [82153] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.011 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:30.227 UTC [78347] LOG: database system is shut down
2022-06-17 11:41:30.323 UTC [11103] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:30.324 UTC [11103] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:30.329 UTC [11103] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:30.334 UTC [52864] LOG: database system was shut down at
2022-06-17 11:41:30 UTC
2022-06-17 11:41:30.350 UTC [11103] LOG: database system is ready to accept
connections
2022-06-17 11:41:30.402 UTC [43187] [unknown] LOG: connection received:
host=localhost port=36382
2022-06-17 11:41:30.430 UTC [43187] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.451 UTC [43187] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.0.2.2$$
2022-06-17 11:41:30.477 UTC [66403] [unknown] LOG: connection received:
host=localhost port=12213
2022-06-17 11:41:30.505 UTC [66403] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.507 UTC [66403] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=2001:db8::1$$
2022-06-17 11:41:30.533 UTC [51855] [unknown] LOG: connection received:
host=localhost port=14070
2022-06-17 11:41:30.579 UTC [11103] LOG: received fast shutdown request
2022-06-17 11:41:30.580 UTC [11103] LOG: aborting any active transactions
2022-06-17 11:41:30.581 UTC [11103] LOG: background worker "logical
replication launcher" (PID 19121) exited with exit code 1
2022-06-17 11:41:30.582 UTC [5786] LOG: shutting down
2022-06-17 11:41:30.582 UTC [5786] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:30.593 UTC [5786] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.011 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:30.621 UTC [11103] LOG: database system is shut down
2022-06-17 11:41:30.716 UTC [51804] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:30.717 UTC [51804] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:30.723 UTC [51804] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:30.728 UTC [55266] LOG: database system was shut down at
2022-06-17 11:41:30 UTC
2022-06-17 11:41:30.746 UTC [51804] LOG: database system is ready to accept
connections
2022-06-17 11:41:30.790 UTC [52575] [unknown] LOG: connection received:
host=localhost port=47052
2022-06-17 11:41:30.817 UTC [52575] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.837 UTC [52575] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=192.0.2.1$$
2022-06-17 11:41:30.867 UTC [49622] [unknown] LOG: connection received:
host=localhost port=6826
2022-06-17 11:41:30.893 UTC [49622] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.896 UTC [49622] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns1.alt-name.pg-ssltest.test$$
2022-06-17 11:41:30.923 UTC [17067] [unknown] LOG: connection received:
host=localhost port=47285
2022-06-17 11:41:30.949 UTC [17067] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:30.951 UTC [17067] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns2.alt-name.pg-ssltest.test$$
2022-06-17 11:41:30.978 UTC [51804] LOG: received fast shutdown request
2022-06-17 11:41:30.978 UTC [51804] LOG: aborting any active transactions
2022-06-17 11:41:30.981 UTC [51804] LOG: background worker "logical
replication launcher" (PID 92360) exited with exit code 1
2022-06-17 11:41:30.981 UTC [60371] LOG: shutting down
2022-06-17 11:41:30.981 UTC [60371] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:30.988 UTC [60371] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.008 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:31.009 UTC [51804] LOG: database system is shut down
2022-06-17 11:41:31.109 UTC [44894] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:31.110 UTC [44894] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:31.114 UTC [44894] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:31.119 UTC [7543] LOG: database system was shut down at
2022-06-17 11:41:30 UTC
2022-06-17 11:41:31.134 UTC [44894] LOG: database system is ready to accept
connections
2022-06-17 11:41:31.189 UTC [78781] [unknown] LOG: connection received:
host=localhost port=39000
2022-06-17 11:41:31.216 UTC [78781] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:31.237 UTC [78781] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-ca
host=common-name.pg-ssltest.test$$
2022-06-17 11:41:31.265 UTC [678] [unknown] LOG: connection received:
host=localhost port=35290
2022-06-17 11:41:31.320 UTC [44894] LOG: received fast shutdown request
2022-06-17 11:41:31.320 UTC [44894] LOG: aborting any active transactions
2022-06-17 11:41:31.322 UTC [44894] LOG: background worker "logical
replication launcher" (PID 12390) exited with exit code 1
2022-06-17 11:41:31.322 UTC [49403] LOG: shutting down
2022-06-17 11:41:31.323 UTC [49403] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:31.330 UTC [49403] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.008 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:31.350 UTC [44894] LOG: database system is shut down
2022-06-17 11:41:31.451 UTC [76454] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:31.451 UTC [76454] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:31.456 UTC [76454] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:31.461 UTC [1523] LOG: database system was shut down at
2022-06-17 11:41:31 UTC
2022-06-17 11:41:31.475 UTC [76454] LOG: database system is ready to accept
connections
2022-06-17 11:41:31.531 UTC [23578] [unknown] LOG: connection received:
host=localhost port=33359
2022-06-17 11:41:31.556 UTC [23578] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:31.578 UTC [23578] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca$$
2022-06-17 11:41:31.607 UTC [88775] [unknown] LOG: connection received:
host=localhost port=16582
2022-06-17 11:41:31.632 UTC [88775] [unknown] LOG: could not accept SSL
connection: Broken pipe
2022-06-17 11:41:31.644 UTC [17489] [unknown] LOG: connection received:
host=localhost port=25811
2022-06-17 11:41:31.688 UTC [17489] [unknown] LOG: could not accept SSL
connection: sslv3 alert certificate revoked
2022-06-17 11:41:31.712 UTC [57150] [unknown] LOG: connection received:
host=localhost port=9442
2022-06-17 11:41:31.736 UTC [57150] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:31.738 UTC [57150] 001_ssltests.pl LOG: statement: SELECT
* FROM pg_stat_ssl WHERE pid = pg_backend_pid()
2022-06-17 11:41:31.769 UTC [87985] [unknown] LOG: connection received:
host=localhost port=9027
2022-06-17 11:41:31.926 UTC [87985] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256)
2022-06-17 11:41:31.929 UTC [87985] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=trustdb
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=require
ssl_min_protocol_version=TLSv1.2 ssl_max_protocol_version=TLSv1.2$$
2022-06-17 11:41:32.045 UTC [39006] [unknown] LOG: connection received:
host=localhost port=6084
2022-06-17 11:41:32.072 UTC [39006] [unknown] FATAL: connection requires a
valid client certificate
2022-06-17 11:41:32.102 UTC [55938] [unknown] LOG: connection received:
host=localhost port=5241
2022-06-17 11:41:32.134 UTC [55938] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:32.134 UTC [55938] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.172 UTC [55938] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client.key$$
2022-06-17 11:41:32.196 UTC [20788] [unknown] LOG: connection received:
host=localhost port=39105
2022-06-17 11:41:32.249 UTC [20788] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:32.250 UTC [20788] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.252 UTC [20788] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client-der.key$$
2022-06-17 11:41:32.282 UTC [22420] [unknown] LOG: connection received:
host=localhost port=35056
2022-06-17 11:41:32.312 UTC [22420] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:32.312 UTC [22420] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.314 UTC [22420] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client-encrypted-pem.key
sslpassword='dUmmyP^#+'$$
2022-06-17 11:41:32.339 UTC [71108] [unknown] LOG: connection received:
host=localhost port=42731
2022-06-17 11:41:32.368 UTC [71108] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:32.368 UTC [71108] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.371 UTC [71108] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client-encrypted-der.key
sslpassword='dUmmyP^#+'$$
2022-06-17 11:41:32.396 UTC [67680] [unknown] LOG: connection received:
host=localhost port=35717
2022-06-17 11:41:32.406 UTC [67680] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-06-17 11:41:32.434 UTC [78178] [unknown] LOG: connection received:
host=localhost port=28010
2022-06-17 11:41:32.502 UTC [78178] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG"
method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:8)
2022-06-17 11:41:32.502 UTC [78178] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb_dn application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.526 UTC [78178] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
dbname=certdb_dn user=ssltestuser sslcert=ssl/client-dn.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client-dn.key$$
2022-06-17 11:41:32.559 UTC [42327] [unknown] LOG: connection received:
host=localhost port=14444
2022-06-17 11:41:32.591 UTC [42327] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG"
method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:9)
2022-06-17 11:41:32.591 UTC [42327] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb_dn_re application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.615 UTC [42327] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
dbname=certdb_dn_re user=ssltestuser sslcert=ssl/client-dn.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client-dn.key$$
2022-06-17 11:41:32.643 UTC [65112] [unknown] LOG: connection received:
host=localhost port=22348
2022-06-17 11:41:32.673 UTC [65112] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG"
method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:10)
2022-06-17 11:41:32.673 UTC [65112] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb_cn application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.693 UTC [65112] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=certdb hostaddr=127.0.0.1 host=localhost
dbname=certdb_cn user=ssltestuser sslcert=ssl/client-dn.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client-dn.key$$
2022-06-17 11:41:32.809 UTC [28814] [unknown] LOG: connection received:
host=localhost port=37615
2022-06-17 11:41:32.840 UTC [28814] [unknown] LOG: connection
authenticated: identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:32.840 UTC [28814] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:32.842 UTC [28814] 001_ssltests.pl LOG: statement: SELECT
* FROM pg_stat_ssl WHERE pid = pg_backend_pid()
2022-06-17 11:41:32.871 UTC [50354] [unknown] LOG: connection received:
host=localhost port=33934
2022-06-17 11:41:32.881 UTC [50354] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-06-17 11:41:32.909 UTC [5206] [unknown] LOG: connection received:
host=localhost port=26251
2022-06-17 11:41:32.939 UTC [5206] [unknown] LOG: connection authenticated:
identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:32.939 UTC [5206] [unknown] LOG: provided user name
(anotheruser) and authenticated user name (ssltestuser) do not match
2022-06-17 11:41:32.939 UTC [5206] [unknown] FATAL: certificate
authentication failed for user "anotheruser"
2022-06-17 11:41:32.939 UTC [5206] [unknown] DETAIL: Connection matched
pg_hba.conf line 7: "hostssl certdb all 127.0.0.1/32
cert"
2022-06-17 11:41:32.966 UTC [18161] [unknown] LOG: connection received:
host=localhost port=9908
2022-06-17 11:41:32.998 UTC [18161] [unknown] LOG: could not accept SSL
connection: certificate verify failed
2022-06-17 11:41:33.024 UTC [14080] [unknown] LOG: connection received:
host=localhost port=11577
2022-06-17 11:41:33.054 UTC [14080] [unknown] LOG: connection authorized:
user=ssltestuser database=verifydb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:33.076 UTC [14080] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=verifydb hostaddr=127.0.0.1 host=localhost
user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client.key$$
2022-06-17 11:41:33.099 UTC [18167] [unknown] LOG: connection received:
host=localhost port=1910
2022-06-17 11:41:33.129 UTC [18167] [unknown] LOG: provided user name
(anotheruser) and authenticated user name (ssltestuser) do not match
2022-06-17 11:41:33.129 UTC [18167] [unknown] LOG: certificate validation
(clientcert=verify-full) failed for user "anotheruser": CN mismatch
2022-06-17 11:41:33.129 UTC [18167] [unknown] FATAL: "trust" authentication
failed for user "anotheruser"
2022-06-17 11:41:33.129 UTC [18167] [unknown] DETAIL: Connection matched
pg_hba.conf line 5: "hostssl verifydb anotheruser 127.0.0.1/32
trust clientcert=verify-full"
2022-06-17 11:41:33.156 UTC [28097] [unknown] LOG: connection received:
host=localhost port=35819
2022-06-17 11:41:33.187 UTC [28097] [unknown] LOG: connection authorized:
user=yetanotheruser database=verifydb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:33.190 UTC [28097] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid sslrootcert=ssl/root+server_ca.crt
sslmode=require dbname=verifydb hostaddr=127.0.0.1 host=localhost
user=yetanotheruser sslcert=ssl/client.crt
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client.key$$
2022-06-17 11:41:33.222 UTC [76454] LOG: received fast shutdown request
2022-06-17 11:41:33.222 UTC [76454] LOG: aborting any active transactions
2022-06-17 11:41:33.224 UTC [76454] LOG: background worker "logical
replication launcher" (PID 90958) exited with exit code 1
2022-06-17 11:41:33.224 UTC [61985] LOG: shutting down
2022-06-17 11:41:33.225 UTC [61985] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:33.235 UTC [61985] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.011 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:33.258 UTC [76454] LOG: database system is shut down
2022-06-17 11:41:33.360 UTC [41620] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:33.361 UTC [41620] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:33.365 UTC [41620] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:33.370 UTC [48604] LOG: database system was shut down at
2022-06-17 11:41:33 UTC
2022-06-17 11:41:33.397 UTC [41620] LOG: database system is ready to accept
connections
2022-06-17 11:41:33.440 UTC [4459] [unknown] LOG: connection received:
host=localhost port=8487
2022-06-17 11:41:33.472 UTC [4459] [unknown] LOG: connection authenticated:
identity="CN=ssltestuser" method=cert
(/home/nbyavuz/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/pg_hba.conf:7)
2022-06-17 11:41:33.472 UTC [4459] [unknown] LOG: connection authorized:
user=ssltestuser database=certdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-06-17 11:41:33.492 UTC [4459] 001_ssltests.pl LOG: statement: SELECT
$$connected with sslkey=invalid sslcert=invalid sslrootcert=invalid
sslcrl=invalid sslcrldir=invalid user=ssltestuser dbname=certdb
sslkey=/home/nbyavuz/postgres/src/test/ssl/tmp_check/tmp_test_Wgl4/client.key
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 host=localhost
sslmode=require sslcert=ssl/client+client_ca.crt$$
2022-06-17 11:41:33.516 UTC [78286] [unknown] LOG: connection received:
host=localhost port=23121
2022-06-17 11:41:33.543 UTC [78286] [unknown] LOG: could not accept SSL
connection: certificate verify failed
2022-06-17 11:41:33.572 UTC [41620] LOG: received fast shutdown request
2022-06-17 11:41:33.572 UTC [41620] LOG: aborting any active transactions
2022-06-17 11:41:33.573 UTC [41620] LOG: background worker "logical
replication launcher" (PID 27857) exited with exit code 1
2022-06-17 11:41:33.574 UTC [9383] LOG: shutting down
2022-06-17 11:41:33.574 UTC [9383] LOG: checkpoint starting: shutdown
immediate
2022-06-17 11:41:33.584 UTC [9383] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.010 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-06-17 11:41:33.606 UTC [41620] LOG: database system is shut down
2022-06-17 11:41:33.702 UTC [11261] LOG: starting PostgreSQL 15beta1 on
x86_64-unknown-openbsd7.1, compiled by OpenBSD clang version 13.0.0,
64-bit
2022-06-17 11:41:33.702 UTC [11261] LOG: listening on IPv4 address
"127.0.0.1", port 60779
2022-06-17 11:41:33.707 UTC [11261] LOG: listening on Unix socket
"/tmp/j3eM1DJbn4/.s.PGSQL.60779"
2022-06-17 11:41:33.712 UTC [22198] LOG: database system was shut down at
2022-06-17 11:41:33 UTC
2022-06-17 11:41:33.728 UTC [11261] LOG: database system is ready to accept
connections
2022-06-17 11:41:33.783 UTC [76509] [unknown] LOG: connection received:
host=localhost port=7867
2022-06-17 11:41:33.809 UTC [76509] [unknown] LOG: could not accept SSL
connection: certificate verify failed
2022-06-17 11:41:33.838 UTC [11261] LOG: received immediate shutdown
request
2022-06-17 11:41:33.855 UTC [11261] LOG: database system is shut down
Thanks,
Nazir Bilal Yavuz
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Michael Paquier
Date:
On Fri, Jun 17, 2022 at 12:03:16PM +0000, PG Bug reporting form wrote: Thanks for the report. > [11:41:29.100](0.001s) not ok 77 - IPv4 host with CIDR mask does not match: > matches > [11:41:29.100](0.000s) > [11:41:29.100](0.000s) # Failed test 'IPv4 host with CIDR mask does not > match: matches' > # at t/001_ssltests.pl line 336. > [11:41:29.100](0.000s) # 'psql: error: connection to > server at "127.0.0.1", port 60779 failed: could not set SSL Server Name > Indication (SNI): ssl3 ext invalid servername' > # doesn't match '(?^:server\ certificate\ for\ \"192\.0\.2\.1\"\ \(and\ > 1\ other\ name\)\ does\ not\ match\ host\ name\ \"192\.0\.2\.1\/32\")' There is only one failure. None of the buildfarm members running OpneBSD check the SSL tests, but this specific test has been introduced by c1932e5. I am adding Peter and Jacob in CC. This is a new open item for v15. -- Michael
Attachment
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Michael Paquier
Date:
On Mon, Jun 20, 2022 at 12:05:00PM +0900, Michael Paquier wrote: > I am adding Peter and Jacob in CC. This is a new open item for v15. Nya. With both of them that's better. -- Michael
Attachment
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Peter Eisentraut
Date:
On 20.06.22 05:05, Michael Paquier wrote:
> On Fri, Jun 17, 2022 at 12:03:16PM +0000, PG Bug reporting form wrote:
>
> Thanks for the report.
>
>> [11:41:29.100](0.001s) not ok 77 - IPv4 host with CIDR mask does not match:
>> matches
>> [11:41:29.100](0.000s)
>> [11:41:29.100](0.000s) # Failed test 'IPv4 host with CIDR mask does not
>> match: matches'
>> # at t/001_ssltests.pl line 336.
>> [11:41:29.100](0.000s) # 'psql: error: connection to
>> server at "127.0.0.1", port 60779 failed: could not set SSL Server Name
>> Indication (SNI): ssl3 ext invalid servername'
>> # doesn't match '(?^:server\ certificate\ for\ \"192\.0\.2\.1\"\ \(and\
>> 1\ other\ name\)\ does\ not\ match\ host\ name\ \"192\.0\.2\.1\/32\")'
>
> There is only one failure. None of the buildfarm members running
> OpneBSD check the SSL tests, but this specific test has been
> introduced by c1932e5.
>
> I am adding Peter and Jacob in CC. This is a new open item for v15.
The test is
$node->connect_fails(
"$common_connstr host=192.0.2.1/32",
"IPv4 host with CIDR mask does not match",
expected_stderr =>
qr/\Qserver certificate for "192.0.2.1" (and 1 other name)
does not match host name "192.0.2.1\/32"\E/
);
which is not using a valid host name to begin with. What is the purpose
of this test?
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Kyotaro Horiguchi
Date:
At Mon, 20 Jun 2022 14:22:09 +0200, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote in > On 20.06.22 05:05, Michael Paquier wrote: > > On Fri, Jun 17, 2022 at 12:03:16PM +0000, PG Bug reporting form wrote: > > Thanks for the report. > > > >> [11:41:29.100](0.001s) not ok 77 - IPv4 host with CIDR mask does not > >> match: > >> matches > >> [11:41:29.100](0.000s) > >> [11:41:29.100](0.000s) # Failed test 'IPv4 host with CIDR mask does > >> not > >> match: matches' > >> # at t/001_ssltests.pl line 336. > >> [11:41:29.100](0.000s) # 'psql: error: connection to > >> server at "127.0.0.1", port 60779 failed: could not set SSL Server > >> Name > >> Indication (SNI): ssl3 ext invalid servername' > >> # doesn't match '(?^:server\ certificate\ for\ \"192\.0\.2\.1\"\ \(and\ > >> 1\ other\ name\)\ does\ not\ match\ host\ name\ \"192\.0\.2\.1\/32\")' > > There is only one failure. None of the buildfarm members running > > OpneBSD check the SSL tests, but this specific test has been > > introduced by c1932e5. > > I am adding Peter and Jacob in CC. This is a new open item for v15. > > The test is > > $node->connect_fails( > "$common_connstr host=192.0.2.1/32", > "IPv4 host with CIDR mask does not match", > expected_stderr => > qr/\Qserver certificate for "192.0.2.1" (and 1 other name) does not > match host name "192.0.2.1\/32"\E/ > ); > > which is not using a valid host name to begin with. What is the > purpose of this test? It checks if that such invalid name is properly rejected. The certificate to match with is a IPv4 GEN_IPADD so the name "192.0.2.1/32" is fed to inet_pton() and the function is supposed to reject the invalid address. OpenBSD 7.1's inet_aton() seems like accepting the address as valid. regards. -- Kyotaro Horiguchi NTT Open Source Software Center
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Jacob Champion
Date:
[note new email address; I've blocked the other] On Tue, Jun 21, 2022 at 1:24 PM Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: > OpenBSD 7.1's inet_aton() seems like accepting the address as valid. Is it getting that far? I see > psql: error: connection to server at "127.0.0.1", port 60779 failed: could not set SSL Server Name Indication (SNI): ssl3ext invalid servername Is LibreSSL just less liberal in what it'll send via SNI? --Jacob
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Jacob Champion
Date:
On Tue, Jun 21, 2022 at 1:34 PM Jacob Champion <jchampion@timescale.com> wrote: > Is LibreSSL just less liberal in what it'll send via SNI? Looks like it; I can reproduce with a local build against LibreSSL. On the one hand it seems like there might be a case for improving the guards around our call to SSL_set_tlsext_host_name(), but that seems like overkill for fixing this test -- we can just disable SNI. Attached is a patch which does that. There is also a question of why LibreSSL doesn't do the same for the IPv6 CIDR test. Should we proactively disable SNI for both of them? --Jacob
Attachment
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Jacob Champion
Date:
On Tue, Jun 21, 2022 at 3:07 PM Jacob Champion <jchampion@timescale.com> wrote: > There is also a question of why LibreSSL doesn't do the same for the > IPv6 CIDR test. Should we proactively disable SNI for both of them? (Never mind; it's because we don't send SNI if there's a colon anywhere in the host string.) --Jacob
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Tom Lane
Date:
Jacob Champion <jchampion@timescale.com> writes:
> On Tue, Jun 21, 2022 at 3:07 PM Jacob Champion <jchampion@timescale.com> wrote:
>> There is also a question of why LibreSSL doesn't do the same for the
>> IPv6 CIDR test. Should we proactively disable SNI for both of them?
> (Never mind; it's because we don't send SNI if there's a colon
> anywhere in the host string.)
So maybe the simplest fix is to do the same if there's a '/' anywhere?
More generally, should we limit the SNI host string to chars allowed in
DNS names?
regards, tom lane
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Jacob Champion
Date:
On Tue, Jun 21, 2022 at 2:16 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > So maybe the simplest fix is to do the same if there's a '/' anywhere? > More generally, should we limit the SNI host string to chars allowed in > DNS names? That's certainly an option. Do you think it's still early enough in the cycle to make that change for 15? --Jacob
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Tom Lane
Date:
Jacob Champion <jchampion@timescale.com> writes:
> On Tue, Jun 21, 2022 at 2:16 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> So maybe the simplest fix is to do the same if there's a '/' anywhere?
>> More generally, should we limit the SNI host string to chars allowed in
>> DNS names?
> That's certainly an option. Do you think it's still early enough in
> the cycle to make that change for 15?
Why not? We're still in beta, and pretty early at that.
regards, tom lane
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Jacob Champion
Date:
On Wed, Jun 22, 2022 at 9:16 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Jacob Champion <jchampion@timescale.com> writes: > > > That's certainly an option. Do you think it's still early enough in > > the cycle to make that change for 15? > > Why not? We're still in beta, and pretty early at that. Mostly just that the test failure isn't new behavior in 15, and a user would only see that if they deliberately shoved nonsense into the host while built against LibreSSL -- in which case they could also disable SNI to move forward. Moving from lax to strict validation means plenty of IETF spec reading to make sure we don't throw away useful hostnames by accident. But I really don't have a strong opinion here, if I'm honest. --Jacob
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Tom Lane
Date:
Jacob Champion <jchampion@timescale.com> writes:
> On Wed, Jun 22, 2022 at 9:16 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Why not? We're still in beta, and pretty early at that.
> Mostly just that the test failure isn't new behavior in 15,
... which raises the question of whether we should back-patch ...
> Moving from lax to strict validation means plenty
> of IETF spec reading to make sure we don't throw away useful hostnames
> by accident.
True. I'd be content to disallow '/' and move on.
Or we could just drop this test case.
regards, tom lane
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Michael Paquier
Date:
On Wed, Jun 22, 2022 at 12:31:45PM -0400, Tom Lane wrote: > Jacob Champion <jchampion@timescale.com> writes: >> Moving from lax to strict validation means plenty >> of IETF spec reading to make sure we don't throw away useful hostnames >> by accident. > > True. I'd be content to disallow '/' and move on. It does not seem like this is strictly forbidden, either. This set of rules would be RFC 1035, section 2.3, I guess: https://datatracker.ietf.org/doc/html/rfc1035 > Or we could just drop this test case. I'd be fine with that. Disabling the SNI, as proposed upthread, would also be fine. -- Michael
Attachment
Re: BUG #17522: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL test fails on OpenBSD 7.1
From
Peter Eisentraut
Date:
On 23.06.22 08:00, Michael Paquier wrote: > On Wed, Jun 22, 2022 at 12:31:45PM -0400, Tom Lane wrote: >> Jacob Champion <jchampion@timescale.com> writes: >>> Moving from lax to strict validation means plenty >>> of IETF spec reading to make sure we don't throw away useful hostnames >>> by accident. >> >> True. I'd be content to disallow '/' and move on. > > It does not seem like this is strictly forbidden, either. This set of > rules would be RFC 1035, section 2.3, I guess: > https://datatracker.ietf.org/doc/html/rfc1035 > >> Or we could just drop this test case. > > I'd be fine with that. Disabling the SNI, as proposed upthread, would > also be fine. I have proceeded with removing the test.