Re: [HACKERS] LDAPS

On Wed, Jan 3, 2018 at 5:31 AM, Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> On 12/26/17 15:53, Peter Eisentraut wrote:
>> This patch looks reasonable to me.  I have also seen occasional requests
>> for this in the field.
>>
>> If someone could test this on Windows, I think we could move ahead with it.

Thanks for looking at this.

> A small point on the test changes.  You change the test under
> "diagnostic message", but I'm not sure why.  Do the changes invalidate
> the existing test?

Yeah.  In master, I was relying on the server rejecting ldaptls=1
requests due to lack of configured certificate in order to generate a
diagnostic message.  Now that there is a certificate, I needed to find
another way to get requests rejected with a diagnostic message.  I
have added a brief note to the commit message about this.

> We should probably also add another "note" call to introduce the LDAPS
> tests section.

I realised that I should probably also include a new test for
ldaptls=1, so that we can see that both ways of doing TLS are working.
I added that test, and added a "note" to label the whole section as
"TLS".  Please see attached.

-- 
Thomas Munro
http://www.enterprisedb.com