mirror of https://github.com/citusdata/citus.git
6251eab9b7
fixes #8277 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=45188c2ea PostgreSQL 18 + newer OpenSSL builds surface `ssl_ciphers` as a **rule string** (e.g., `HIGH:MEDIUM:+3DES:!aNULL`) instead of an expanded cipher list. Our tests hard-pinned the literal list and started failing on PG18. Also, with TLS 1.3 in the picture, we need to assert that cipher configuration is sane without coupling to OpenSSL’s expansion. **What changed** * **sql/ssl_by_default.sql** * Replace brittle `SHOW ssl_ciphers` string matching with invariant checks: * non-empty ciphers: `current_setting('ssl_ciphers') <> ''` * looks like a rule/list: `position(':' in current_setting('ssl_ciphers')) > 0` * Run the same checks on **workers** via `run_command_on_workers`. * Keep existing validations for `ssl=on`, `sslmode=require` in `citus.node_conninfo`, and `pg_stat_ssl.ssl = true`. * **expected/ssl_by_default.out** * Update expected output to booleans for the new checks (less diff-prone across PG/SSL variants). |
||
|---|---|---|
| .. | ||
| cdc | ||
| hammerdb | ||
| regress | ||