open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix certificate paths to use perl2host

Browse Source 
Commit c113d8ad50 moved the copying of certificates into a temporary path
for the duration of the tests, instead of using the source tree. This broke
the tests on msys as the absolute path wasn't adapted for the msys platform.
Ensure to convert the path with perl2host before copying and passing in the
connection string.

While there also make certificate copying error handling uniform across all
the test suites.

Discussion: https://postgr.es/m/YacT3tm97xziSUFw@paquier.xyz
pull/73/head
Daniel Gustafsson 4 years ago
parent 81fca310b3
commit c3b34a0ff4
3 changed files with 26 additions and 17 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 21
      src/test/ssl/t/001_ssltests.pl
  2. 10
      src/test/ssl/t/002_scram.pl
  3. 12
      src/test/ssl/t/003_sslinfo.pl

21
src/test/ssl/t/001_ssltests.pl
Unescape View File

@ -42,6 +42,7 @@ my $common_connstr;
# This changes to using keys stored in a temporary path for the rest of # This changes to using keys stored in a temporary path for the rest of
# the tests. To get the full path for inclusion in connection strings, the # the tests. To get the full path for inclusion in connection strings, the
# %key hash can be interrogated. # %key hash can be interrogated.
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
my %key; my %key;
my @keys = ( my @keys = (
"client.key", "client-revoked.key", "client.key", "client-revoked.key",
@ -49,21 +50,23 @@ my @keys = (
"client-encrypted-der.key", "client-dn.key"); "client-encrypted-der.key", "client-dn.key");
foreach my $keyfile (@keys) foreach my $keyfile (@keys)
{ {
copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}") copy("ssl/$keyfile", "$cert_tempdir/$keyfile")
or die or die
"couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!"; "couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!";
chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}" chmod 0600, "$cert_tempdir/$keyfile"
or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!"; or die "failed to change permissions on $cert_tempdir/$keyfile: $!";
$key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile");
$key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile";
} }
# Also make a copy of that explicitly world-readable. We can't # Also make a copy of that explicitly world-readable. We can't
# necessarily rely on the file in the source tree having those # necessarily rely on the file in the source tree having those
# permissions. # permissions.
copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"); copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key")
chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; or die
$key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; "couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!";
chmod 0644, "$cert_tempdir/client_wrongperms.key"
or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!";
$key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key");
#### Set up the server. #### Set up the server.

10
src/test/ssl/t/002_scram.pl
Unescape View File

@ -95,9 +95,13 @@ $node->connect_fails(
# because channel binding is not performed. Note that ssl/client.key may # because channel binding is not performed. Note that ssl/client.key may
# be used in a different test, so the name of this temporary client key # be used in a different test, so the name of this temporary client key
# is chosen here to be unique. # is chosen here to be unique.
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key"; my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
copy("ssl/client.key", $client_tmp_key); my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key");
chmod 0600, $client_tmp_key; copy("ssl/client.key", "$cert_tempdir/client_scram.key")
or die
"couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!";
chmod 0600, "$cert_tempdir/client_scram.key"
or die "failed to change permissions on $cert_tempdir/client_scram.key: $!";
$node->connect_fails( $node->connect_fails(
"sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require", "sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require",
"Cert authentication and channel_binding=require", "Cert authentication and channel_binding=require",

12
src/test/ssl/t/003_sslinfo.pl
Unescape View File

@ -37,11 +37,13 @@ my $common_connstr;
# The client's private key must not be world-readable, so take a copy # The client's private key must not be world-readable, so take a copy
# of the key stored in the code tree and update its permissions. # of the key stored in the code tree and update its permissions.
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key"; my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
copy("ssl/client_ext.key", $client_tmp_key) my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key");
or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!"; copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key")
chmod 0600, $client_tmp_key or die
or die "failed to change permissions on $client_tmp_key: $!"; "couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!";
chmod 0600, "$cert_tempdir/client_ext.key"
or die "failed to change permissions on $cert_tempdir/client_ext.key: $!";
#### Set up the server. #### Set up the server.

Write Preview
Loading…
Cancel
Save