Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <buildfarm-members-owner+archive@lists.postgresql.org>)
	id 1rsO5k-006jG3-M1
	for buildfarm-members@arkaria.postgresql.org; Thu, 04 Apr 2024 14:29:25 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <buildfarm-members-owner+archive@lists.postgresql.org>)
	id 1rsO5j-006L2x-Tq
	for buildfarm-members@arkaria.postgresql.org; Thu, 04 Apr 2024 14:29:23 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <andrew@dunslane.net>)
	id 1rsO5j-006L1m-JX
	for buildfarm-members@lists.postgresql.org; Thu, 04 Apr 2024 14:29:23 +0000
Received: from mail-oi1-x234.google.com ([2607:f8b0:4864:20::234])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <andrew@dunslane.net>)
	id 1rsO5g-000c70-HO
	for buildfarm-members@postgresql.org; Thu, 04 Apr 2024 14:29:23 +0000
Received: by mail-oi1-x234.google.com with SMTP id
 5614622812f47-3c5d9383118so356949b6e.1
        for <buildfarm-members@postgresql.org>;
 Thu, 04 Apr 2024 07:29:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=dunslane-net.20230601.gappssmtp.com; s=20230601; t=1712240959;
 x=1712845759; darn=postgresql.org;
        h=content-transfer-encoding:in-reply-to:autocrypt:content-language
         :from:references:cc:to:subject:user-agent:mime-version:date
         :message-id:from:to:cc:subject:date:message-id:reply-to;
        bh=gTLFuaPTLYI99EozXLS/STl2ujDzaS9l6Ct/7VvQpX0=;
        b=ui4JmpnnL4DNd4R1kqKXz9OkKps9Ntyrap8O0l7MOJ5M59r1aOO/unrQpM2SXeJUsZ
         LdiNpgHHRRCsnoNcZ5ZnaLHfpt0J8SQi7EXlZHHlNiHPwaynlIHoySeJAPG3REmYEJNO
         myKWiVflCCRhX9S6LeOhOLiPoCGPampyLKv+f/btOPFNUOE/ElQrxkQA6ycaA/AN7+MP
         QDssYK5CyQCRYwX9gkzaMr+MFNY/wld8Mhk9cmIFdwMfFZGG9jVmXI36hJZXlTiuU5TE
         KKTqN7ecbaFtDAvrs0X2ReR2PwIpP71RrYba7ypHxd8bdBdXawc3Omv6Z0laxgRvcpdZ
         J1uA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1712240959; x=1712845759;
        h=content-transfer-encoding:in-reply-to:autocrypt:content-language
         :from:references:cc:to:subject:user-agent:mime-version:date
         :message-id:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=gTLFuaPTLYI99EozXLS/STl2ujDzaS9l6Ct/7VvQpX0=;
        b=OyUL10HTFmga4hncgOodOs3M2DtV8UdWIgnk7WJkLaZUI6q5+lpAe8vUNGGt74E6Z+
         MBNW7JXTkyqDFOP6wz6URWWudZSM9DRwRf4wZifQEFjwai0z1Th1j4ywchz7T26Ugj2a
         N+pezNFbQmWFuH3jOBBGSNQb/N7DkRzJzHB7eq80KoCHETa5Fa9CkrSidH4vsxHRGbbs
         b27+gO3DhQXaIO8lUg88I5whbVj8AVwhlDViW2JwCoDuFGt2GOLVKUEybvpbx0Xukqbc
         xdC7BAWr12dMTMxHf0yyGA8+1r5wutXrVRhciTo5zEzLUHMYpj5YUJkAicgqXV8vpNpr
         gdiA==
X-Gm-Message-State: AOJu0YxfGGVH7xdp9/tFe5a8Fngar+XfynZZE9EusQ+iEi9RStXno1yz
	SwqBHIYEgT4tQ66p0ZmmmCW1llYI5yLGAZ6y+7RWL2tKbL5Ea9wiIAqLvXth7z9iz7PGCiYXWB/
	4Gto=
X-Google-Smtp-Source: 
 AGHT+IFoWRxJRQCYZVMvFxN8dDGtEaSA5rjpunIFXW3aAjDMZuNamhJoGZ5BJ3w2+abZheAQUPYNow==
X-Received: by 2002:a05:6808:1587:b0:3c3:c594:d924 with SMTP id
 t7-20020a056808158700b003c3c594d924mr2550523oiw.8.1712240958906;
        Thu, 04 Apr 2024 07:29:18 -0700 (PDT)
Received: from ?IPV6:2605:a601:9180:9800::2bb? ([2605:a601:9180:9800::2bb])
        by smtp.googlemail.com with ESMTPSA id
 bz23-20020a05622a1e9700b00432bd632dcdsm6916755qtb.18.2024.04.04.07.29.18
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 04 Apr 2024 07:29:18 -0700 (PDT)
Message-ID: <192d7b4f-16e4-404c-ac4b-9f8fa680f5cf@dunslane.net>
Date: Thu, 4 Apr 2024 10:29:17 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: SSL tests
To: Olaf Bohlen <olbohlen@eenfach.de>
Cc: buildfarm-members@postgresql.org
References: <c2474e21-4528-4042-9b98-d88ab21f7efa@dunslane.net>
 <wu3jzldp6tf.fsf@eenfach.de>
From: Andrew Dunstan <andrew@dunslane.net>
Content-Language: en-US
Autocrypt: addr=andrew@dunslane.net; keydata=
 xsBNBE7KWFkBCAClridxur2AIc7eW2AR7izbfp3EnNefie2HbLF0izW5Ik5UjX2HBXBx4syI
 gY6b0ugohXrr274+baoAlvSbq6cAoQuEVrk5IZFzt20b1Xkx65FwGSEj526yiKLocqkJceSq
 Xr9xcA5SGY+FZv441chh5SU92v4q6z+6LPpoHOh97ptAVXZYNTtU0LevyvD5lja0TzbvJm6C
 eFXitJfnm1pLEr0DGJCR/iUOl/N62Kh4855zZC7NHIjQHPOvV5Stz/l5ilDhvGVk+xkXFPys
 SjZoUr1rXhYLpiyi5sR0X9FHXT0KnGuz1F5ERO7ZTLSSQ6fJwPj6gOk9K+vvoKvoeql5ABEB
 AAHNJEFuZHJldyBEdW5zdGFuIDxhbmRyZXdAZHVuc2xhbmUubmV0PsLAmwQTAQgARQIbAwIX
 gAIZAQULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcWIQTkPlhGHfx8v0RpFaWZ+n/LWfw7gQUC
 ZFlxxwUJGVGAbgAKCRCZ+n/LWfw7gXikB/9ZdcUy6CTBFIIuL/bVsc1eLEW/gJBjJBF6HxNY
 xgEkAgXAp4Lg4A5U+QB9GouFr7+GYxF0BU4hzoGhNPUWltxnHdMWP8nC/38LAqgMi8L/bbsm
 HW5YPBdWYaAZAPJQVfOAgjTbRUb26KSprpyrrJKW0ZmrZfjhNPcQ72jpWzoPLQqx2X6B0fru
 1jq+cBh8lb6r1mJTim1T3JIn+F/v5VpdQS+EL8xqsHkfzKjIPsW3CIXpkypSk6saA55Rkkbl
 26AW8ftPVB0Q6Lnn6FLt9CP0MGNixBQ55yq8r1K+nCBvCCjvQjM8RDm0UUum0WNl+ifQgTLO
 E8TWEnwVtkBf+3QWzsBNBE7KWFkBCADRnOM0FCzsYW6jtncg+dWIagjUZpvaClmqn/sJluLa
 Q3v1VXMQJzYs3eC1gh386W+XBwLRpDj3jzH81lX+p73Re3d3oJW7X+ffsxuzu5ZVdMUkqBYo
 nkAbKxr6gyJ12F/+JkUVzLcoTN+d/7YsQvUVi7NaKH8mJgjz112O4fUe3p9wfAaFa0RXHc5S
 GPzRTYRRlv/XZBIho4J2tkZOnteZJZ+GbxQVlINt6fd8P6al3MWOvpP/ExJPguEfjOsO6Njy
 xjo3WfpD4lHMOR/Oc3/8mScEF84rF2jXbsFgelWnbPWAvXY+pD0dXOFRkagGmC/viwBDqq5b
 5tk76kKmUbZxABEBAAHCwHwEGAEIACYCGwwWIQTkPlhGHfx8v0RpFaWZ+n/LWfw7gQUCZFlx
 5wUJGVGAjgAKCRCZ+n/LWfw7gf+iB/4g8CPY5jihf5r/8EsoIGe2H+dpVmpPF8YGBzTIvCz/
 fQoOq8AX/pE76QEuFnFZWfjw+wgBXgCVmkox2Eflkk6z4ND3pcwGZ6CfCxTQCDk/dij+2DQ4
 6bmDCy/sBgcbz9mTpoLC11HLoPae6YN9nBNQRZDcEFEu54OaVOqlIdbA6m+POIBCXZdHOFc0
 WoDTgxHRzC1jgQNidyd6tKqcsVJs0dzF0oKTmFFmUAqTdJO12LBuNA1rlqrR3EtpYk8B/wtS
 5dIMD7Q8hwQpL+4C6GNpb6ZKnPkLi47pDOLhz2qBrqN+rqUEsT3YnExYpzj5yOBi+FlmV1Hw
 49QYe1sn2ZPs
In-Reply-To: <wu3jzldp6tf.fsf@eenfach.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <buildfarm-members.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:buildfarm-members@lists.postgresql.org>
List-Owner: <mailto:buildfarm-members-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/buildfarm-members>
Archived-At: 
 <https://www.postgresql.org/message-id/192d7b4f-16e4-404c-ac4b-9f8fa680f5cf%40dunslane.net>
Precedence: bulk


On 2024-04-04 Th 09:59, Olaf Bohlen wrote:
> Andrew Dunstan <andrew@dunslane.net> writes:
>
> Hi Andres,
>
>> In general, unless your animal is running on a multi-user system,
>> enabling these tests should be safe, which you could do by
>> uncommenting the last line above or inserting it into your config file
>> if not present.
> Could you elaborate a bit on this? My animal is indeed running as
> a Container on a multi-user system. Is it "just" extreme cpu
> intensive or are there other aspects?
>

No, it's more a security issue. We have to run the server for SSL tests 
with TCP enabled, meaning other users on the localhost can connect to 
it. If untrusted users in your multi-user environment can connect to a 
socket in your container, then you probably should not turn this on.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com