The following bug has been logged on the website:

Bug reference: 17391
Logged by: Nazir Bilal Yavuz
Email address: byavuz81(at)gmail(dot)com
PostgreSQL version: 14.1
Operating system: OpenBSD 7.0
Description:

Hi,

While installing PostgreSQL from source code, SSL tests fail on OpenBSD
7.0.

The commands I used are:

./configure \
--enable-tap-tests \
--with-ssl=openssl \
\
--with-includes=/usr/local/include --with-libs=/usr/local/lib && \
gmake -s world-bin && gmake -s check-world PG_TEST_EXTRA='ssl'

OS:
OpenBSD openbsd-host.my.domain 7.0 GENERIC#224 amd64

OpenSSL Version:
LibreSSL 3.4.1

Error message:
t/001_ssltests.pl (Wstat: 5632 Tests: 110 Failed: 22)
t/002_scram.pl (Wstat: 1792 Tests: 11 Failed: 7)
t/003_sslinfo.pl (Wstat: 7424 Tests: 1 Failed: 1)

Example Logs(001_ssltests_primary.log and regress_log_001_ssltests):

001_ssltests_primary.log:

2022-02-03 00:26:51.127 +03 [88304] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:26:51.127 +03 [88304] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:26:51.147 +03 [63726] LOG: database system was shut down at
2022-02-03 00:26:51 +03
2022-02-03 00:26:51.149 +03 [88304] LOG: database system is ready to accept
connections
2022-02-03 00:26:51.172 +03 [59203] 001_ssltests.pl LOG: statement: SHOW
ssl_library
2022-02-03 00:26:51.230 +03 [30464] 001_ssltests.pl LOG: statement: CREATE
USER ssltestuser
2022-02-03 00:26:51.278 +03 [14697] 001_ssltests.pl LOG: statement: CREATE
USER md5testuser
2022-02-03 00:26:51.302 +03 [3601] 001_ssltests.pl LOG: statement: CREATE
USER anotheruser
2022-02-03 00:26:51.327 +03 [63049] 001_ssltests.pl LOG: statement: CREATE
USER yetanotheruser
2022-02-03 00:26:51.533 +03 [3961] 001_ssltests.pl LOG: statement: CREATE
DATABASE trustdb
2022-02-03 00:26:51.533 +03 [89906] LOG: checkpoint starting: immediate
force wait flush-all
2022-02-03 00:26:51.535 +03 [89906] LOG: checkpoint complete: wrote 10
buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.003 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=4 kB, estimate=4 kB
2022-02-03 00:26:52.959 +03 [89906] LOG: checkpoint starting: immediate
force wait
2022-02-03 00:26:52.959 +03 [89906] LOG: checkpoint complete: wrote 0
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=4 kB
2022-02-03 00:26:53.282 +03 [17946] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb
2022-02-03 00:26:53.283 +03 [89906] LOG: checkpoint starting: immediate
force wait flush-all
2022-02-03 00:26:53.284 +03 [89906] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=1 kB, estimate=4 kB
2022-02-03 00:26:53.586 +03 [89906] LOG: checkpoint starting: immediate
force wait
2022-02-03 00:26:53.587 +03 [89906] LOG: checkpoint complete: wrote 0
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=3 kB
2022-02-03 00:26:53.679 +03 [69142] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb_dn
2022-02-03 00:26:53.679 +03 [89906] LOG: checkpoint starting: immediate
force wait flush-all
2022-02-03 00:26:53.680 +03 [89906] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=1 kB, estimate=3 kB
2022-02-03 00:26:54.163 +03 [89906] LOG: checkpoint starting: immediate
force wait
2022-02-03 00:26:54.163 +03 [89906] LOG: checkpoint complete: wrote 0
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=3 kB
2022-02-03 00:26:54.597 +03 [87708] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb_dn_re
2022-02-03 00:26:54.597 +03 [89906] LOG: checkpoint starting: immediate
force wait flush-all
2022-02-03 00:26:54.598 +03 [89906] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=1 kB, estimate=3 kB
2022-02-03 00:26:54.730 +03 [89906] LOG: checkpoint starting: immediate
force wait
2022-02-03 00:26:54.730 +03 [89906] LOG: checkpoint complete: wrote 0
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=2 kB
2022-02-03 00:26:54.874 +03 [73405] 001_ssltests.pl LOG: statement: CREATE
DATABASE certdb_cn
2022-02-03 00:26:54.881 +03 [89906] LOG: checkpoint starting: immediate
force wait flush-all
2022-02-03 00:26:54.882 +03 [89906] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=2 kB, estimate=2 kB
2022-02-03 00:26:54.951 +03 [89906] LOG: checkpoint starting: immediate
force wait
2022-02-03 00:26:54.951 +03 [89906] LOG: checkpoint complete: wrote 0
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=2 kB
2022-02-03 00:26:55.254 +03 [83428] 001_ssltests.pl LOG: statement: CREATE
DATABASE verifydb
2022-02-03 00:26:55.254 +03 [89906] LOG: checkpoint starting: immediate
force wait flush-all
2022-02-03 00:26:55.257 +03 [89906] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.003 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=2 kB, estimate=2 kB
2022-02-03 00:26:55.362 +03 [89906] LOG: checkpoint starting: immediate
force wait
2022-02-03 00:26:55.363 +03 [89906] LOG: checkpoint complete: wrote 0
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.001 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=2 kB
2022-02-03 00:26:55.542 +03 [88304] LOG: received fast shutdown request
2022-02-03 00:26:55.542 +03 [88304] LOG: aborting any active transactions
2022-02-03 00:26:55.544 +03 [88304] LOG: background worker "logical
replication launcher" (PID 56614) exited with exit code 1
2022-02-03 00:26:55.544 +03 [89906] LOG: shutting down
2022-02-03 00:26:55.544 +03 [89906] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:26:55.548 +03 [89906] LOG: checkpoint complete: wrote 1
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.000 s,
sync=0.000 s, total=0.004 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=2 kB
2022-02-03 00:26:55.553 +03 [88304] LOG: database system is shut down
2022-02-03 00:26:55.603 +03 [80056] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:26:55.603 +03 [80056] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:26:55.620 +03 [80056] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:26:55.678 +03 [41931] LOG: database system was shut down at
2022-02-03 00:26:55 +03
2022-02-03 00:26:55.688 +03 [80056] LOG: database system is ready to accept
connections
2022-02-03 00:26:55.825 +03 [80056] LOG: received fast shutdown request
2022-02-03 00:26:55.825 +03 [80056] LOG: aborting any active transactions
2022-02-03 00:26:55.827 +03 [80056] LOG: background worker "logical
replication launcher" (PID 65521) exited with exit code 1
2022-02-03 00:26:55.827 +03 [87556] LOG: shutting down
2022-02-03 00:26:55.827 +03 [87556] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:26:55.829 +03 [87556] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:26:55.832 +03 [80056] LOG: database system is shut down
2022-02-03 00:26:55.902 +03 [26092] FATAL: could not load private key file
"server-password.key": bad decrypt
2022-02-03 00:26:55.902 +03 [26092] LOG: database system is shut down
2022-02-03 00:26:56.194 +03 [59483] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:26:56.194 +03 [59483] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:26:56.194 +03 [59483] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:26:56.274 +03 [91273] LOG: database system was shut down at
2022-02-03 00:26:55 +03
2022-02-03 00:26:56.279 +03 [59483] LOG: database system is ready to accept
connections
2022-02-03 00:26:56.507 +03 [59483] LOG: received fast shutdown request
2022-02-03 00:26:56.507 +03 [59483] LOG: aborting any active transactions
2022-02-03 00:26:56.509 +03 [59483] LOG: background worker "logical
replication launcher" (PID 21939) exited with exit code 1
2022-02-03 00:26:56.509 +03 [9455] LOG: shutting down
2022-02-03 00:26:56.509 +03 [9455] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:26:56.511 +03 [9455] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:26:56.515 +03 [59483] LOG: database system is shut down
2022-02-03 00:26:56.794 +03 [45020] FATAL: could not set maximum SSL
protocol version
2022-02-03 00:26:56.794 +03 [45020] LOG: database system is shut down
2022-02-03 00:26:56.990 +03 [56065] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:26:56.991 +03 [56065] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:26:56.991 +03 [56065] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:26:57.015 +03 [99076] LOG: database system was shut down at
2022-02-03 00:26:56 +03
2022-02-03 00:26:57.017 +03 [56065] LOG: database system is ready to accept
connections
2022-02-03 00:26:57.107 +03 [56065] LOG: received fast shutdown request
2022-02-03 00:26:57.107 +03 [56065] LOG: aborting any active transactions
2022-02-03 00:26:57.109 +03 [56065] LOG: background worker "logical
replication launcher" (PID 34941) exited with exit code 1
2022-02-03 00:26:57.109 +03 [33335] LOG: shutting down
2022-02-03 00:26:57.109 +03 [33335] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:26:57.110 +03 [33335] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:26:57.115 +03 [56065] LOG: database system is shut down
2022-02-03 00:26:57.161 +03 [87966] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:26:57.162 +03 [87966] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:26:57.162 +03 [87966] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:26:57.187 +03 [29490] LOG: database system was shut down at
2022-02-03 00:26:57 +03
2022-02-03 00:26:57.194 +03 [87966] LOG: database system is ready to accept
connections
2022-02-03 00:26:57.262 +03 [68121] [unknown] LOG: connection received:
host=localhost port=41336
2022-02-03 00:26:57.268 +03 [68121] [unknown] FATAL: no pg_hba.conf entry
for host "127.0.0.1", user "ssltestuser", database "trustdb", no
encryption
2022-02-03 00:26:57.268 +03 [68121] [unknown] DETAIL: Client IP address
resolved to "localhost", forward lookup not checked.
2022-02-03 00:26:57.328 +03 [84039] [unknown] LOG: connection received:
host=localhost port=12182
2022-02-03 00:26:57.361 +03 [84039] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:26:57.376 +03 [84039] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test sslrootcert=invalid
sslmode=require$$
2022-02-03 00:26:57.415 +03 [76636] [unknown] LOG: connection received:
host=localhost port=49071
2022-02-03 00:26:57.442 +03 [76636] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-02-03 00:26:57.469 +03 [63906] [unknown] LOG: connection received:
host=localhost port=29901
2022-02-03 00:26:57.488 +03 [63906] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-02-03 00:26:57.550 +03 [57856] [unknown] LOG: connection received:
host=localhost port=9741
2022-02-03 00:26:57.574 +03 [57856] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-02-03 00:26:57.609 +03 [10201] [unknown] LOG: connection received:
host=localhost port=29429
2022-02-03 00:26:57.653 +03 [10201] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-02-03 00:26:57.690 +03 [22036] [unknown] LOG: connection received:
host=localhost port=22975
2022-02-03 00:26:57.784 +03 [22036] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-02-03 00:26:57.823 +03 [42487] [unknown] LOG: connection received:
host=localhost port=45404
2022-02-03 00:26:57.859 +03 [42487] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-02-03 00:26:57.967 +03 [80741] [unknown] LOG: connection received:
host=localhost port=6033
2022-02-03 00:26:58.065 +03 [80741] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:26:58.078 +03 [80741] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=require$$
2022-02-03 00:26:58.149 +03 [89578] [unknown] LOG: connection received:
host=localhost port=48381
2022-02-03 00:26:58.262 +03 [89578] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:26:58.269 +03 [89578] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca$$
2022-02-03 00:26:58.412 +03 [55012] [unknown] LOG: connection received:
host=localhost port=28357
2022-02-03 00:26:58.566 +03 [55012] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:26:58.595 +03 [55012] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-full$$
2022-02-03 00:26:58.831 +03 [28146] [unknown] LOG: connection received:
host=localhost port=24203
2022-02-03 00:26:59.245 +03 [28146] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:26:59.293 +03 [28146] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/both-cas-1.crt sslmode=verify-ca$$
2022-02-03 00:26:59.403 +03 [68249] [unknown] LOG: connection received:
host=localhost port=31654
2022-02-03 00:26:59.614 +03 [68249] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:26:59.616 +03 [68249] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/both-cas-2.crt sslmode=verify-ca$$
2022-02-03 00:26:59.784 +03 [48189] [unknown] LOG: connection received:
host=localhost port=29141
2022-02-03 00:27:00.017 +03 [48189] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:00.033 +03 [48189] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=invalid$$
2022-02-03 00:27:00.156 +03 [66329] [unknown] LOG: connection received:
host=localhost port=18238
2022-02-03 00:27:00.324 +03 [66329] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-02-03 00:27:00.491 +03 [24932] [unknown] LOG: connection received:
host=localhost port=24603
2022-02-03 00:27:00.569 +03 [24932] [unknown] LOG: could not accept SSL
connection: tlsv1 alert unknown ca
2022-02-03 00:27:00.856 +03 [37114] [unknown] LOG: connection received:
host=localhost port=30183
2022-02-03 00:27:01.150 +03 [37114] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:01.183 +03 [37114] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca
sslcrl=ssl/root+server.crl$$
2022-02-03 00:27:01.246 +03 [67656] [unknown] LOG: connection received:
host=localhost port=42539
2022-02-03 00:27:01.333 +03 [67656] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:01.337 +03 [67656] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca
sslcrldir=ssl/root+server-crldir$$
2022-02-03 00:27:01.398 +03 [52851] [unknown] LOG: connection received:
host=localhost port=41360
2022-02-03 00:27:01.484 +03 [52851] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:01.498 +03 [52851] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=require
host=wronghost.test$$
2022-02-03 00:27:01.585 +03 [40160] [unknown] LOG: connection received:
host=localhost port=37625
2022-02-03 00:27:01.987 +03 [40160] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:02.047 +03 [40160] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-ca
host=wronghost.test$$
2022-02-03 00:27:02.189 +03 [61439] [unknown] LOG: connection received:
host=localhost port=42493
2022-02-03 00:27:02.436 +03 [87966] LOG: received fast shutdown request
2022-02-03 00:27:02.436 +03 [87966] LOG: aborting any active transactions
2022-02-03 00:27:02.441 +03 [87966] LOG: background worker "logical
replication launcher" (PID 15053) exited with exit code 1
2022-02-03 00:27:02.441 +03 [95537] LOG: shutting down
2022-02-03 00:27:02.441 +03 [95537] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:02.443 +03 [95537] LOG: checkpoint complete: wrote 4
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:02.451 +03 [87966] LOG: database system is shut down
2022-02-03 00:27:02.583 +03 [54211] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:02.583 +03 [54211] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:02.585 +03 [54211] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:02.632 +03 [33944] LOG: database system was shut down at
2022-02-03 00:27:02 +03
2022-02-03 00:27:02.681 +03 [54211] LOG: database system is ready to accept
connections
2022-02-03 00:27:02.854 +03 [5733] [unknown] LOG: connection received:
host=localhost port=32424
2022-02-03 00:27:02.993 +03 [5733] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:03.114 +03 [5733] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns1.alt-name.pg-ssltest.test$$
2022-02-03 00:27:03.205 +03 [87701] [unknown] LOG: connection received:
host=localhost port=15430
2022-02-03 00:27:03.314 +03 [87701] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:03.326 +03 [87701] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns2.alt-name.pg-ssltest.test$$
2022-02-03 00:27:03.472 +03 [99455] [unknown] LOG: connection received:
host=localhost port=13487
2022-02-03 00:27:03.668 +03 [99455] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:03.694 +03 [99455] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=foo.wildcard.pg-ssltest.test$$
2022-02-03 00:27:03.958 +03 [56631] [unknown] LOG: connection received:
host=localhost port=17831
2022-02-03 00:27:04.300 +03 [35125] [unknown] LOG: connection received:
host=localhost port=48918
2022-02-03 00:27:04.949 +03 [54211] LOG: received fast shutdown request
2022-02-03 00:27:04.949 +03 [54211] LOG: aborting any active transactions
2022-02-03 00:27:04.953 +03 [54211] LOG: background worker "logical
replication launcher" (PID 38490) exited with exit code 1
2022-02-03 00:27:04.953 +03 [69508] LOG: shutting down
2022-02-03 00:27:04.953 +03 [69508] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:04.955 +03 [69508] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:04.961 +03 [54211] LOG: database system is shut down
2022-02-03 00:27:06.096 +03 [65102] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:06.096 +03 [65102] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:06.097 +03 [65102] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:06.123 +03 [9859] LOG: database system was shut down at
2022-02-03 00:27:04 +03
2022-02-03 00:27:06.131 +03 [65102] LOG: database system is ready to accept
connections
2022-02-03 00:27:06.410 +03 [10840] [unknown] LOG: connection received:
host=localhost port=10396
2022-02-03 00:27:07.129 +03 [10840] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:07.182 +03 [10840] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=single.alt-name.pg-ssltest.test$$
2022-02-03 00:27:07.417 +03 [18339] [unknown] LOG: connection received:
host=localhost port=45593
2022-02-03 00:27:07.757 +03 [38783] [unknown] LOG: connection received:
host=localhost port=43413
2022-02-03 00:27:07.977 +03 [65102] LOG: received fast shutdown request
2022-02-03 00:27:07.977 +03 [65102] LOG: aborting any active transactions
2022-02-03 00:27:07.980 +03 [65102] LOG: background worker "logical
replication launcher" (PID 75820) exited with exit code 1
2022-02-03 00:27:07.980 +03 [39362] LOG: shutting down
2022-02-03 00:27:07.980 +03 [39362] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:07.981 +03 [39362] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:07.985 +03 [65102] LOG: database system is shut down
2022-02-03 00:27:08.117 +03 [28120] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:08.117 +03 [28120] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:08.117 +03 [28120] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:08.134 +03 [76752] LOG: database system was shut down at
2022-02-03 00:27:07 +03
2022-02-03 00:27:08.136 +03 [28120] LOG: database system is ready to accept
connections
2022-02-03 00:27:08.300 +03 [7921] [unknown] LOG: connection received:
host=localhost port=1235
2022-02-03 00:27:08.575 +03 [7921] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:08.860 +03 [7921] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns1.alt-name.pg-ssltest.test$$
2022-02-03 00:27:09.027 +03 [33529] [unknown] LOG: connection received:
host=localhost port=3769
2022-02-03 00:27:09.227 +03 [33529] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:09.234 +03 [33529] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-full
host=dns2.alt-name.pg-ssltest.test$$
2022-02-03 00:27:09.315 +03 [69195] [unknown] LOG: connection received:
host=localhost port=39582
2022-02-03 00:27:09.525 +03 [28120] LOG: received fast shutdown request
2022-02-03 00:27:09.525 +03 [28120] LOG: aborting any active transactions
2022-02-03 00:27:09.528 +03 [28120] LOG: background worker "logical
replication launcher" (PID 61885) exited with exit code 1
2022-02-03 00:27:09.528 +03 [4767] LOG: shutting down
2022-02-03 00:27:09.529 +03 [4767] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:09.530 +03 [4767] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:09.535 +03 [28120] LOG: database system is shut down
2022-02-03 00:27:09.707 +03 [50785] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:09.707 +03 [50785] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:09.707 +03 [50785] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:09.742 +03 [24937] LOG: database system was shut down at
2022-02-03 00:27:09 +03
2022-02-03 00:27:09.754 +03 [50785] LOG: database system is ready to accept
connections
2022-02-03 00:27:09.862 +03 [70733] [unknown] LOG: connection received:
host=localhost port=31324
2022-02-03 00:27:09.971 +03 [70733] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:09.992 +03 [70733] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
sslrootcert=ssl/root+server_ca.crt hostaddr=127.0.0.1 sslmode=verify-ca
host=common-name.pg-ssltest.test$$
2022-02-03 00:27:10.151 +03 [42736] [unknown] LOG: connection received:
host=localhost port=11626
2022-02-03 00:27:10.338 +03 [50785] LOG: received fast shutdown request
2022-02-03 00:27:10.338 +03 [50785] LOG: aborting any active transactions
2022-02-03 00:27:10.340 +03 [50785] LOG: background worker "logical
replication launcher" (PID 25760) exited with exit code 1
2022-02-03 00:27:10.340 +03 [63437] LOG: shutting down
2022-02-03 00:27:10.340 +03 [63437] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:10.343 +03 [63437] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.003 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:10.348 +03 [50785] LOG: database system is shut down
2022-02-03 00:27:10.444 +03 [83429] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:10.444 +03 [83429] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:10.444 +03 [83429] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:10.459 +03 [64141] LOG: database system was shut down at
2022-02-03 00:27:10 +03
2022-02-03 00:27:10.461 +03 [83429] LOG: database system is ready to accept
connections
2022-02-03 00:27:10.598 +03 [59512] [unknown] LOG: connection received:
host=localhost port=36151
2022-02-03 00:27:10.660 +03 [59512] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:10.870 +03 [59512] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca$$
2022-02-03 00:27:10.998 +03 [44649] [unknown] LOG: connection received:
host=localhost port=3558
2022-02-03 00:27:11.336 +03 [44649] [unknown] LOG: could not accept SSL
connection: sslv3 alert certificate revoked
2022-02-03 00:27:11.430 +03 [36439] [unknown] LOG: connection received:
host=localhost port=12757
2022-02-03 00:27:11.472 +03 [36439] [unknown] LOG: could not accept SSL
connection: sslv3 alert certificate revoked
2022-02-03 00:27:11.543 +03 [27312] [unknown] LOG: connection received:
host=localhost port=22355
2022-02-03 00:27:11.838 +03 [27312] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.3, cipher=AEAD-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:11.897 +03 [27312] 001_ssltests.pl LOG: statement: SELECT
* FROM pg_stat_ssl WHERE pid = pg_backend_pid()
2022-02-03 00:27:12.189 +03 [52690] [unknown] LOG: connection received:
host=localhost port=23076
2022-02-03 00:27:12.245 +03 [52690] [unknown] LOG: connection authorized:
user=ssltestuser database=trustdb application_name=001_ssltests.pl SSL
enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256)
2022-02-03 00:27:12.256 +03 [52690] 001_ssltests.pl LOG: statement: SELECT
$$connected with user=ssltestuser dbname=trustdb sslcert=invalid
hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=ssl/root+server_ca.crt sslmode=require
ssl_min_protocol_version=TLSv1.2 ssl_max_protocol_version=TLSv1.2$$
2022-02-03 00:27:12.793 +03 [36971] [unknown] LOG: connection received:
host=localhost port=2717
2022-02-03 00:27:12.851 +03 [36971] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:13.139 +03 [67032] [unknown] LOG: connection received:
host=localhost port=14305
2022-02-03 00:27:13.215 +03 [67032] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:13.390 +03 [67442] [unknown] LOG: connection received:
host=localhost port=13873
2022-02-03 00:27:13.434 +03 [67442] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:13.774 +03 [9375] [unknown] LOG: connection received:
host=localhost port=20439
2022-02-03 00:27:13.834 +03 [9375] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:14.016 +03 [49711] [unknown] LOG: connection received:
host=localhost port=19814
2022-02-03 00:27:14.052 +03 [49711] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:14.292 +03 [28112] [unknown] LOG: connection received:
host=localhost port=44709
2022-02-03 00:27:14.356 +03 [28112] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-02-03 00:27:14.421 +03 [73952] [unknown] LOG: connection received:
host=localhost port=26092
2022-02-03 00:27:14.433 +03 [73952] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:14.758 +03 [48484] [unknown] LOG: connection received:
host=localhost port=19155
2022-02-03 00:27:14.773 +03 [48484] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:14.839 +03 [74476] [unknown] LOG: connection received:
host=localhost port=20094
2022-02-03 00:27:14.851 +03 [74476] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:14.995 +03 [25958] [unknown] LOG: connection received:
host=localhost port=5219
2022-02-03 00:27:15.008 +03 [25958] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:15.127 +03 [60506] [unknown] LOG: connection received:
host=localhost port=41191
2022-02-03 00:27:15.159 +03 [60506] [unknown] LOG: could not accept SSL
connection: EOF detected
2022-02-03 00:27:15.207 +03 [395] [unknown] LOG: connection received:
host=localhost port=1925
2022-02-03 00:27:15.227 +03 [395] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:15.312 +03 [7195] [unknown] LOG: connection received:
host=localhost port=4367
2022-02-03 00:27:15.332 +03 [7195] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:15.439 +03 [75715] [unknown] LOG: connection received:
host=localhost port=44836
2022-02-03 00:27:15.457 +03 [75715] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:15.586 +03 [95142] [unknown] LOG: connection received:
host=localhost port=8336
2022-02-03 00:27:15.606 +03 [95142] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:15.702 +03 [98682] [unknown] LOG: connection received:
host=localhost port=12937
2022-02-03 00:27:15.729 +03 [98682] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:15.809 +03 [83429] LOG: received fast shutdown request
2022-02-03 00:27:15.809 +03 [83429] LOG: aborting any active transactions
2022-02-03 00:27:15.812 +03 [83429] LOG: background worker "logical
replication launcher" (PID 47697) exited with exit code 1
2022-02-03 00:27:15.812 +03 [61954] LOG: shutting down
2022-02-03 00:27:15.812 +03 [61954] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:15.813 +03 [61954] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.002 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:15.818 +03 [83429] LOG: database system is shut down
2022-02-03 00:27:16.026 +03 [65607] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:16.026 +03 [65607] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:16.026 +03 [65607] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:16.130 +03 [46774] LOG: database system was shut down at
2022-02-03 00:27:15 +03
2022-02-03 00:27:16.132 +03 [65607] LOG: database system is ready to accept
connections
2022-02-03 00:27:16.166 +03 [163] [unknown] LOG: connection received:
host=localhost port=30758
2022-02-03 00:27:16.210 +03 [163] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:16.381 +03 [81662] [unknown] LOG: connection received:
host=localhost port=32497
2022-02-03 00:27:16.428 +03 [81662] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:16.576 +03 [65607] LOG: received fast shutdown request
2022-02-03 00:27:16.576 +03 [65607] LOG: aborting any active transactions
2022-02-03 00:27:16.579 +03 [65607] LOG: background worker "logical
replication launcher" (PID 96725) exited with exit code 1
2022-02-03 00:27:16.579 +03 [84662] LOG: shutting down
2022-02-03 00:27:16.579 +03 [84662] LOG: checkpoint starting: shutdown
immediate
2022-02-03 00:27:16.581 +03 [84662] LOG: checkpoint complete: wrote 3
buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s,
sync=0.001 s, total=0.003 s; sync files=0, longest=0.000 s, average=0.000 s;
distance=0 kB, estimate=0 kB
2022-02-03 00:27:16.585 +03 [65607] LOG: database system is shut down
2022-02-03 00:27:16.979 +03 [47738] LOG: starting PostgreSQL 15devel on
x86_64-unknown-openbsd7.0, compiled by OpenBSD clang version 11.1.0,
64-bit
2022-02-03 00:27:16.979 +03 [47738] LOG: listening on IPv4 address
"127.0.0.1", port 56010
2022-02-03 00:27:16.980 +03 [47738] LOG: listening on Unix socket
"/tmp/rkGcakKpBu/.s.PGSQL.56010"
2022-02-03 00:27:17.007 +03 [75810] LOG: database system was shut down at
2022-02-03 00:27:16 +03
2022-02-03 00:27:17.009 +03 [47738] LOG: database system is ready to accept
connections
2022-02-03 00:27:17.200 +03 [88500] [unknown] LOG: connection received:
host=localhost port=27583
2022-02-03 00:27:17.286 +03 [88500] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
2022-02-03 00:27:17.306 +03 [5933] [unknown] LOG: connection received:
host=localhost port=10939
2022-02-03 00:27:17.311 +03 [5933] [unknown] FATAL: no pg_hba.conf entry
for host "127.0.0.1", user "ssltestuser", database "certdb", no encryption
2022-02-03 00:27:17.311 +03 [5933] [unknown] DETAIL: Client IP address
resolved to "localhost", forward lookup not checked.
2022-02-03 00:27:17.631 +03 [47738] LOG: received immediate shutdown
request
2022-02-03 00:27:17.637 +03 [47738] LOG: database system is shut down

regress_log_001_ssltests:

1..110
# setting up data directory
# Checking port 56010
# Found port 56010
Name: primary
Data directory:
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
Backup directory:
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/backup
Archive directory:
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/archives
Connection string: port=56010 host=/tmp/rkGcakKpBu
Log file:
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
# Running: initdb -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-A trust -N
The files belonging to this database system will be owned by user
"postgres".
This user must also own the server process.

The database cluster will be initialized with locales
COLLATE: en_US.UTF-8
CTYPE: en_US.UTF-8
MESSAGES: C
MONETARY: en_US.UTF-8
NUMERIC: en_US.UTF-8
TIME: en_US.UTF-8
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

creating directory
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Europe/Istanbul
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok

Sync to disk skipped.
The data directory might become corrupt if the operating system crashes.

Success. You can now start the database server using:

pg_ctl -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l logfile start

# Running:
/home/postgres/postgres/src/test/ssl/../../../src/test/regress/pg_regress
--config-auth
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
### Starting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
-o --cluster-name=primary start
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 88304
ok 1 - ssl_library parameter
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 80056
# testing password-protected keys
# Running: pg_ctl -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down... done
server stopped
waiting for server to start.... stopped waiting
pg_ctl: could not start server
Examine the log output.
ok 2 - restart fails with password-protected key file with wrong password
# No postmaster PID for node "primary"
# Running: pg_ctl -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
pg_ctl: PID file
"/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/postmaster.pid"
does not exist
Is server running?
trying to start server anyway
waiting for server to start.... done
server started
ok 3 - restart succeeds with password-protected key file
# Postmaster PID for node "primary" is 59483
# Running: pg_ctl -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... stopped waiting
pg_ctl: could not start server
Examine the log output.
ok 4 - restart fails with incorrect SSL protocol bounds
# Running: pg_ctl -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
pg_ctl: PID file
"/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata/postmaster.pid"
does not exist
Is server running?
trying to start server anyway
waiting for server to start.... done
server started
ok 5 - restart succeeds with correct SSL protocol bounds
# running client tests
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 87966
ok 6 - server doesn't accept non-SSL connections
ok 7 - server doesn't accept non-SSL connections: matches
ok 8 - connect without server root cert sslmode=require
ok 9 - connect without server root cert sslmode=verify-ca
ok 10 - connect without server root cert sslmode=verify-ca: matches
ok 11 - connect without server root cert sslmode=verify-full
ok 12 - connect without server root cert sslmode=verify-full: matches
ok 13 - connect with wrong server root cert sslmode=require
ok 14 - connect with wrong server root cert sslmode=require: matches
ok 15 - connect with wrong server root cert sslmode=verify-ca
ok 16 - connect with wrong server root cert sslmode=verify-ca: matches
ok 17 - connect with wrong server root cert sslmode=verify-full
ok 18 - connect with wrong server root cert sslmode=verify-full: matches
ok 19 - connect with server CA cert, without root CA
ok 20 - connect with server CA cert, without root CA: matches
ok 21 - connect with correct server CA cert file sslmode=require
ok 22 - connect with correct server CA cert file sslmode=verify-ca
ok 23 - connect with correct server CA cert file sslmode=verify-full
ok 24 - cert root file that contains two certificates, order 1
ok 25 - cert root file that contains two certificates, order 2
ok 26 - sslcrl option with invalid file name
ok 27 - CRL belonging to a different CA
ok 28 - CRL belonging to a different CA: matches
ok 29 - directory CRL belonging to a different CA
ok 30 - directory CRL belonging to a different CA: matches
ok 31 - CRL with a non-revoked cert
ok 32 - directory CRL with a non-revoked cert
ok 33 - mismatch between host name and server certificate sslmode=require
ok 34 - mismatch between host name and server certificate
sslmode=verify-ca
ok 35 - mismatch between host name and server certificate
sslmode=verify-full
ok 36 - mismatch between host name and server certificate
sslmode=verify-full: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 54211
ok 37 - host name matching with X.509 Subject Alternative Names 1
ok 38 - host name matching with X.509 Subject Alternative Names 2
ok 39 - host name matching with X.509 Subject Alternative Names wildcard
ok 40 - host name not matching with X.509 Subject Alternative Names
ok 41 - host name not matching with X.509 Subject Alternative Names:
matches
ok 42 - host name not matching with X.509 Subject Alternative Names
wildcard
ok 43 - host name not matching with X.509 Subject Alternative Names
wildcard: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 65102
ok 44 - host name matching with a single X.509 Subject Alternative Name
ok 45 - host name not matching with a single X.509 Subject Alternative
Name
ok 46 - host name not matching with a single X.509 Subject Alternative Name:
matches
ok 47 - host name not matching with a single X.509 Subject Alternative Name
wildcard
ok 48 - host name not matching with a single X.509 Subject Alternative Name
wildcard: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 28120
ok 49 - certificate with both a CN and SANs 1
ok 50 - certificate with both a CN and SANs 2
ok 51 - certificate with both a CN and SANs ignores CN
ok 52 - certificate with both a CN and SANs ignores CN: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 50785
ok 53 - server certificate without CN or SANs sslmode=verify-ca
ok 54 - server certificate without CN or SANs sslmode=verify-full
ok 55 - server certificate without CN or SANs sslmode=verify-full: matches
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 83429
ok 56 - connects without client-side CRL
ok 57 - does not connect with client-side CRL file
ok 58 - does not connect with client-side CRL file: matches
ok 59 - does not connect with client-side CRL directory
ok 60 - does not connect with client-side CRL directory: matches
# Running: psql -X -A -F , -P null=_null_ -d user=ssltestuser dbname=trustdb
sslcert=invalid hostaddr=127.0.0.1 host=common-name.pg-ssltest.test
sslrootcert=invalid -c SELECT * FROM pg_stat_ssl WHERE pid =
pg_backend_pid()
ok 61 - pg_stat_ssl view without client certificate: exit code 0
ok 62 - pg_stat_ssl view without client certificate: no stderr
ok 63 - pg_stat_ssl view without client certificate: matches
ok 64 - connection success with correct range of TLS protocol versions
ok 65 - connection failure with incorrect range of TLS protocol versions
ok 66 - connection failure with incorrect range of TLS protocol versions:
matches
ok 67 - connection failure with an incorrect SSL protocol minimum bound
ok 68 - connection failure with an incorrect SSL protocol minimum bound:
matches
ok 69 - connection failure with an incorrect SSL protocol maximum bound
ok 70 - connection failure with an incorrect SSL protocol maximum bound:
matches
# running server tests
ok 71 - certificate authorization fails without client cert
not ok 72 - certificate authorization fails without client cert: matches

# Failed test 'certificate authorization fails without client cert:
matches'
# at t/001_ssltests.pl line 402.
# 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter'
# doesn't match '(?^:connection requires a valid client certificate)'
not ok 73 - certificate authorization succeeds with correct client cert in
PEM format

# Failed test 'certificate authorization succeeds with correct client cert
in PEM format'
# at t/001_ssltests.pl line 408.
# got: '2'
# expected: '0'
not ok 74 - certificate authorization succeeds with correct client cert in
DER format

# Failed test 'certificate authorization succeeds with correct client cert
in DER format'
# at t/001_ssltests.pl line 414.
# got: '2'
# expected: '0'
not ok 75 - certificate authorization succeeds with correct client cert in
encrypted PEM format

# Failed test 'certificate authorization succeeds with correct client cert
in encrypted PEM format'
# at t/001_ssltests.pl line 420.
# got: '2'
# expected: '0'
not ok 76 - certificate authorization succeeds with correct client cert in
encrypted DER format

# Failed test 'certificate authorization succeeds with correct client cert
in encrypted DER format'
# at t/001_ssltests.pl line 426.
# got: '2'
# expected: '0'
ok 77 - certificate authorization fails with correct client cert and wrong
password in encrypted PEM format
ok 78 - certificate authorization fails with correct client cert and wrong
password in encrypted PEM format: matches
not ok 79 - certificate authorization succeeds with DN mapping

# Failed test 'certificate authorization succeeds with DN mapping'
# at t/001_ssltests.pl line 443.
# got: '2'
# expected: '0'
not ok 80 - certificate authorization succeeds with DN mapping: log
matches

# Failed test 'certificate authorization succeeds with DN mapping: log
matches'
# at t/001_ssltests.pl line 443.
# '2022-02-03 00:27:14.421 +03 [73952] [unknown] LOG:
connection received: host=localhost port=26092
# 2022-02-03 00:27:14.433 +03 [73952] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
# '
# doesn't match '(?^:connection authenticated:
identity="CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG"
method=cert)'
not ok 81 - certificate authorization succeeds with DN regex mapping

# Failed test 'certificate authorization succeeds with DN regex mapping'
# at t/001_ssltests.pl line 453.
# got: '2'
# expected: '0'
not ok 82 - certificate authorization succeeds with CN mapping

# Failed test 'certificate authorization succeeds with CN mapping'
# at t/001_ssltests.pl line 460.
# got: '2'
# expected: '0'
not ok 83 - certificate authorization succeeds with CN mapping: log
matches

# Failed test 'certificate authorization succeeds with CN mapping: log
matches'
# at t/001_ssltests.pl line 460.
# '2022-02-03 00:27:14.839 +03 [74476] [unknown] LOG:
connection received: host=localhost port=20094
# 2022-02-03 00:27:14.851 +03 [74476] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
# '
# doesn't match '(?^:connection authenticated:
identity="CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG"
method=cert)'
not ok 84 # TODO & SKIP Need Pty support
not ok 85 # TODO & SKIP Need Pty support
not ok 86 # TODO & SKIP Need Pty support
not ok 87 # TODO & SKIP Need Pty support
Hexadecimal number > 0xffffffff non-portable at t/001_ssltests.pl line
508.
# Running: psql -X -A -F , -P null=_null_ -d
sslrootcert=ssl/root+server_ca.crt sslmode=require dbname=certdb
hostaddr=127.0.0.1 user=ssltestuser sslcert=ssl/client.crt
sslkey=/home/postgres/postgres/src/test/ssl/tmp_check/tmp_test_b1a4/client.key
-c SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()
not ok 88 - pg_stat_ssl with client certificate: exit code 0

# Failed test 'pg_stat_ssl with client certificate: exit code 0'
# at t/001_ssltests.pl line 523.
not ok 89 - pg_stat_ssl with client certificate: no stderr

# Failed test 'pg_stat_ssl with client certificate: no stderr'
# at t/001_ssltests.pl line 523.
# got: 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter
# '
# expected: ''
not ok 90 - pg_stat_ssl with client certificate: matches

# Failed test 'pg_stat_ssl with client certificate: matches'
# at t/001_ssltests.pl line 523.
# ''
# doesn't match
'(?^mx:^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn\r?\n
#
^\d+,t,TLSv[\d.]+,[\w-]+,\d+,/CN=ssltestuser,2315134995201656576,\/CN\=Test\
CA\ for\ PostgreSQL\ SSL\ regression\ test\ client\ certs\r?$)'
ok 91 - certificate authorization fails because of file permissions
ok 92 - certificate authorization fails because of file permissions:
matches
ok 93 - certificate authorization fails with client cert belonging to
another user
not ok 94 - certificate authorization fails with client cert belonging to
another user: matches

# Failed test 'certificate authorization fails with client cert belonging
to another user: matches'
# at t/001_ssltests.pl line 556.
# 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter'
# doesn't match '(?^:certificate authentication failed for user
"anotheruser")'
not ok 95 - certificate authorization fails with client cert belonging to
another user: log matches

# Failed test 'certificate authorization fails with client cert belonging
to another user: log matches'
# at t/001_ssltests.pl line 556.
# '2022-02-03 00:27:15.207 +03 [395] [unknown] LOG:
connection received: host=localhost port=1925
# 2022-02-03 00:27:15.227 +03 [395] [unknown] LOG: could not accept SSL
connection: sslv3 alert illegal parameter
# '
# doesn't match '(?^:connection authenticated: identity="CN=ssltestuser"
method=cert)'
ok 96 - certificate authorization fails with revoked client cert
not ok 97 - certificate authorization fails with revoked client cert:
matches

# Failed test 'certificate authorization fails with revoked client cert:
matches'
# at t/001_ssltests.pl line 565.
# 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter'
# doesn't match '(?^:SSL error: sslv3 alert certificate revoked)'
ok 98 - certificate authorization fails with revoked client cert: log does
not match
not ok 99 - auth_option clientcert=verify-full succeeds with matching
username and Common Name

# Failed test 'auth_option clientcert=verify-full succeeds with matching
username and Common Name'
# at t/001_ssltests.pl line 578.
# got: '2'
# expected: '0'
ok 100 - auth_option clientcert=verify-full succeeds with matching username
and Common Name: log does not match
ok 101 - auth_option clientcert=verify-full fails with mismatching username
and Common Name
not ok 102 - auth_option clientcert=verify-full fails with mismatching
username and Common Name: matches

# Failed test 'auth_option clientcert=verify-full fails with mismatching
username and Common Name: matches'
# at t/001_ssltests.pl line 584.
# 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter'
# doesn't match '(?^:FATAL: .* "trust" authentication failed for user
"anotheruser")'
ok 103 - auth_option clientcert=verify-full fails with mismatching username
and Common Name: log does not match
not ok 104 - auth_option clientcert=verify-ca succeeds with mismatching
username and Common Name

# Failed test 'auth_option clientcert=verify-ca succeeds with mismatching
username and Common Name'
# at t/001_ssltests.pl line 594.
# got: '2'
# expected: '0'
ok 105 - auth_option clientcert=verify-ca succeeds with mismatching username
and Common Name: log does not match
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 65607
not ok 106 - intermediate client certificate is provided by client

# Failed test 'intermediate client certificate is provided by client'
# at t/001_ssltests.pl line 605.
# got: '2'
# expected: '0'
ok 107 - intermediate client certificate is missing
not ok 108 - intermediate client certificate is missing: matches

# Failed test 'intermediate client certificate is missing: matches'
# at t/001_ssltests.pl line 608.
# 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter'
# doesn't match '(?^:SSL error: tlsv1 alert unknown ca)'
### Restarting node "primary"
# Running: pg_ctl -w -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-l
/home/postgres/postgres/src/test/ssl/tmp_check/log/001_ssltests_primary.log
restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
# Postmaster PID for node "primary" is 47738
ok 109 - certificate authorization fails with revoked client cert with
server-side CRL directory
not ok 110 - certificate authorization fails with revoked client cert with
server-side CRL directory: matches

# Failed test 'certificate authorization fails with revoked client cert
with server-side CRL directory: matches'
# at t/001_ssltests.pl line 618.
# 'psql: error: connection to server at "127.0.0.1", port
56010 failed: SSL error: sslv3 alert illegal parameter
# connection to server at "127.0.0.1", port 56010 failed: FATAL: no
pg_hba.conf entry for host "127.0.0.1", user "ssltestuser", database
"certdb", no encryption'
# doesn't match '(?^:SSL error: sslv3 alert certificate revoked)'
### Stopping node "primary" using mode immediate
# Running: pg_ctl -D
/home/postgres/postgres/src/test/ssl/tmp_check/t_001_ssltests_primary_data/pgdata
-m immediate stop
waiting for server to shut down... done
server stopped
# No postmaster PID for node "primary"
# Looks like you failed 22 tests of 110.

Thanks,
Nazir Bilal Yavuz