Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uD8Ad-006pY5-O4 for pgsql-hackers@arkaria.postgresql.org; Thu, 08 May 2025 20:48:44 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uD8Ac-006Mez-GO for pgsql-hackers@arkaria.postgresql.org; Thu, 08 May 2025 20:48:42 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uD8Ac-006Mej-3D for pgsql-hackers@lists.postgresql.org; Thu, 08 May 2025 20:48:42 +0000 Received: from smtp.outgoing.loopia.se ([93.188.3.37]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uD8AZ-000tyc-1a for pgsql-hackers@postgresql.org; Thu, 08 May 2025 20:48:41 +0000 Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id F3CCB3A050B for ; Thu, 08 May 2025 22:48:38 +0200 (CEST) Received: from s979.loopia.se (unknown [172.22.191.6]) by s807.loopia.se (Postfix) with ESMTP id E4FC83A0388; Thu, 08 May 2025 22:48:38 +0200 (CEST) Received: from s471.loopia.se (unknown [172.22.191.6]) by s979.loopia.se (Postfix) with ESMTP id E1C0810BC3C3; Thu, 08 May 2025 22:48:38 +0200 (CEST) X-Virus-Scanned: amavisd-new at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1] autolearn=disabled Authentication-Results: s471.loopia.se (amavisd-new); dkim=pass (2048-bit key) header.d=yesql.se Received: from s934.loopia.se ([172.22.191.5]) by s471.loopia.se (s471.loopia.se [172.22.190.35]) (amavisd-new, port 10024) with LMTP id yZ0rzAqyDBAr; Thu, 8 May 2025 22:48:38 +0200 (CEST) X-Loopia-Auth: user X-Loopia-User: daniel@yesql.se X-Loopia-Originating-IP: 89.255.232.193 Received: from smtpclient.apple (customer-89-255-232-193.stosn.net [89.255.232.193]) (Authenticated sender: daniel@yesql.se) by s934.loopia.se (Postfix) with ESMTPSA id 1D1577CE982; Thu, 08 May 2025 22:48:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se; s=loopiadkim1707475645; t=1746737318; bh=eC7TECuk+tHKIHiApCM6FqelkJD5QOP+8x+VqH2Dv+c=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=Qlr+8ZU6Sue5YusR86vVTZQysf/FQwoxaT1PMeXd6bLeSscybf5fTW+WxaLpeEkN3 PESEHbEyWsu1tSV+lpIPwhexvjdbxZ7odhQZO2IQDHNeCi9JA51HCSQDZqMXDxvMMo Zkb4Y4SvgX7sX1pkuAzkWjkZHtJbGh9RdYZXHmJin7SzzOQZn2sHrxmwUA/jsisBke 0ERDhyGQiYrcgadq/DFWBrFI9KCKdydyCPZWQ0jm0hZp/vUFKI/5kVF2r1koTXxc7L IAjp0q5hziLt5/rCVJCraJol1cdu+90lsxfuF072/1GQUS4/G7RvUlLgOj2hr5DXsz DIjLmN4SaJnww== Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.1\)) Subject: Re: disabled SSL log_like tests From: Daniel Gustafsson In-Reply-To: <222848.1746735871@sss.pgh.pa.us> Date: Thu, 8 May 2025 22:48:27 +0200 Cc: Thomas Munro , Andrew Dunstan , PostgreSQL Hackers , Jacob Champion Content-Transfer-Encoding: quoted-printable Message-Id: <58BC3DE1-4D63-4D4E-823F-BE7BF74E272B@yesql.se> References: <984fca80-85a8-4c6f-a5cc-bb860950b435@dunslane.net> <2199758.1744901785@sss.pgh.pa.us> <1ce11d3f-624c-4003-a032-1b10cc138305@dunslane.net> <2814408.1745005558@sss.pgh.pa.us> <2859105.1745015195@sss.pgh.pa.us> <1120735.1745350422@sss.pgh.pa.us> <3058990.1746485124@sss.pgh.pa.us> <3227092.1746580691@sss.pgh.pa.us> <3248136.1746592452@sss.pgh.pa.us> <3004EFB2-8FFA-429A-AC5E-E3F40E002A94@yesql.se> <3320404.1746633879@sss.pgh.pa.us> <8E3E58BF-CC99-4C45-9FB8-3BA83AA6FDC8@yesql.se> <51363.1746646179@sss.pgh.pa.us> <8293D36E-8027-4DB8-AB41-5EA2C2A9A788@yesql.se> <80137.1746654871@sss.pgh.pa.us> <182014.1746712177@sss.pgh.pa.us> <2C91E50A-BBBF-4863-8582-6BF2C645CCC1@yesql.se> <222848.1746735871@sss.pgh.pa.us> To: Tom Lane X-Mailer: Apple Mail (2.3776.700.51.11.1) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On 8 May 2025, at 22:24, Tom Lane wrote: >=20 > Daniel Gustafsson writes: >> On 8 May 2025, at 15:49, Tom Lane wrote: >>> I was feeling itchy about having two copies of code that looks none >>> too set-in-stone. Maybe we should just do that. Any preferences >>> on the API? >=20 >> There is already SSL::Server::ssl_library() which returns the = underlying >> library, but it's not smart enough to differentiate between which = flavour of >> OpenSSL compatible library is being used (OpenSSL, Libressl, = BoringSSL etc) as >> it's only returning a hardcoded string as of now. My plan was to = expand that >> at some point. >=20 > Hm. There is this bit in 001_ssltests.pl: >=20 > my $result =3D $node->safe_psql('postgres', "SHOW ssl_library"); > is($result, $ssl_server->ssl_library(), 'ssl_library parameter'); >=20 > which would break. Admittedly that's not a very exciting test, > so I wouldn't feel bad about dropping it, but maybe someone else > would. I have no problems dropping that, it's rather uninteresting. > Also, it seems like ssl_library is mainly intended to distinguish > which "backend" module is in use, so having the one string "OpenSSL" > seems to match up with the one backend "OpenSSL.pm". What we're > talking about here feels like a finer subdivision. I'm not quite > sure how it ought to fit into that "backend" structure. The backend concept was mostly intended to match up with the underlying = library. It get's a bit murky as OpenSSL tough since it's a library, but also a = popular API compatibility target implemented by multiple libraries (Libressl, = Boringssl, Wolfssl come to mind). Maybe the ssl_library function should return a hash with backend =3D> = 'OpenSSL' and library =3D> ? Then the test author = can decide which level of compatibility they want? If we were to end up = with a Libressl libtls implementation in libpq we'd still have to test with = Libressl against the OpenSSL compat layer in libssl since it could act as both. = Not a bridge we have to cross today but might be worth at least keeping in = mind when designing something to not make it impossible in the future. -- Daniel Gustafsson