[pgpool-hackers: 3531] Re: [PATCH] Feature: Support for CRL (Certificate Revocation List)

Wed Mar 4 15:52:15 JST 2020

Hi Umar,

Any update on this?

From: Tatsuo Ishii <ishii at sraoss.co.jp>
Subject: [pgpool-hackers: 3523] Re: [PATCH] Feature: Support for CRL (Certificate Revocation List)
Date: Fri, 28 Feb 2020 14:27:55 +0900 (JST)
Message-ID: <20200228.142755.205379439290164558.t-ishii at sraoss.co.jp>

> Here are comments on your patch.
> 
> - There are some extra trailing spaces.
> 
> $ git apply ~/crl_support_with_testcase.diff 
> /home/t-ishii/crl_support_with_testcase.diff:42: trailing whitespace.
>       Specifies the name of the file containing the SSL server 
> /home/t-ishii/crl_support_with_testcase.diff:43: trailing whitespace.
>       certificate revocation list (CRL). The default is empty, 
> /home/t-ishii/crl_support_with_testcase.diff:199: new blank line at EOF.
> +
> warning: 3 lines add whitespace errors.
> 
> - The pached source code compililes without any error.
> 
> - the regression test (024.cert_auth) failed.
> 
> ./regress.sh 024
> creating pgpool-II temporary installation ...
> moving pgpool_setup to temporary installation path ...
> moving watchdog_setup to temporary installation path ...
> using pgpool-II at /home/t-ishii/work/Pgpool-II/current/pgpool2/src/test/regression/temp/installed
> *************************
> REGRESSION MODE          : install
> PGPOOL-II                : /home/t-ishii/work/Pgpool-II/current/pgpool2/src/test/regression/temp/installed
> PostgreSQL bin           : /usr/local/pgsql/bin
> PostgreSQL Major version : 12
> pgbench                  : /usr/local/pgsql/bin/pgbench
> PostgreSQL jdbc          : /usr/local/pgsql/share/postgresql-9.2-1003.jdbc4.jar
> *************************
> testing 024.cert_auth...failed.
> out of 1 ok:0 failed:1 timeout:0
> 
> This is Ubuntu 18.04.4 LTS.
> 
> $ openssl version
> OpenSSL 1.1.1  11 Sep 2018
> 
> Please find attached log file for the
> regression test.
> 
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
> 
>> Hi Umar,
>> 
>> I seemed to miss your last email. I will take care your patch
>> tomorrow morning.
>> 
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>> 
>>> Hi Tatsuo,
>>> Any update for last patch?
>>> I will be sending more patches in the same area of SSL ( for few other
>>> features ) and the those patches might create conflict on merge.
>>> 
>>> Regards,
>>> Umar Hayat
>>> Principal Software Engineer
>>> EnterpriseDB: https://www.enterprisedb.com
>>> 
>>> On Wed, Feb 19, 2020 at 1:39 PM Umar Hayat <m.umarkiani at gmail.com> wrote:
>>> 
>>>> Hi Tatsuo,
>>>> Please find the attached updated patch with following changes:
>>>> 1. Updated the description of '*ssl_crl_file'* configuration variable.
>>>> 2. Updated test case '024.cert_auth' which verify valid CRL and invalid
>>>> CRL ( CRL with revocation entry )
>>>>
>>>> Regards,
>>>> Umar Hayat
>>>>
>>>>
>>>> On Thu, Feb 13, 2020 at 3:43 AM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
>>>>
>>>>> > I just followed the description pattern used for other ssl variables. We
>>>>> > can use PostgreSQL doc if we remove following two line from that:
>>>>> > "Relative paths are relative to the data
>>>>> > directory. This parameter can only be set in the postgresql.conf file
>>>>> > or on the server command line.
>>>>> > "
>>>>>
>>>>> Sounds good to me.
>>>>>
>>>>> > - It would be nice to include regression test patch. See
>>>>> >>   src/test/023.ssl_connection for an example.
>>>>> >>
>>>>> >
>>>>> > Sure, I will create and send test patch in src/test/023.ssl_connection.
>>>>> > I will try to generate CRL file for existing certification file in this
>>>>> > this test. If thats not possible, then I have to generate new
>>>>> certification
>>>>> > and CRL file.
>>>>>
>>>>> Thank you. Looking forward to the new patch.
>>>>>
>>>>> Best regards,
>>>>> --
>>>>> Tatsuo Ishii
>>>>> SRA OSS, Inc. Japan
>>>>> English: http://www.sraoss.co.jp/index_en.php
>>>>> Japanese:http://www.sraoss.co.jp
>>>>>
>>>>
>> _______________________________________________
>> pgpool-hackers mailing list
>> pgpool-hackers at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-hackers