Commit 91102dab authored by Tom Lane's avatar Tom Lane

In SSL tests, don't scribble on permissions of a repo file.

Modifying the permissions of a persistent file isn't really much nicer
than modifying its contents, even if git doesn't currently notice it.
Adjust the test script to make a copy and set the permissions of that
instead.

Michael Paquier, per a gripe from me.  Back-patch to 9.5 where these
tests were introduced.

Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
parent 6accefd4
*.old /*.old
new_certs_dir /new_certs_dir/
/client_tmp.key
...@@ -66,10 +66,10 @@ sub test_connect_fails ...@@ -66,10 +66,10 @@ sub test_connect_fails
ok(!$result, "$connstr (should fail)"); ok(!$result, "$connstr (should fail)");
} }
# The client's private key must not be world-readable. Git doesn't track # The client's private key must not be world-readable, so take a copy
# permissions (except for the executable bit), so they might be wrong after # of the key stored in the code tree and update its permissions.
# a checkout. copy("ssl/client.key", "ssl/client_tmp.key");
chmod 0600, "ssl/client.key"; chmod 0600, "ssl/client_tmp.key";
#### Part 0. Set up the server. #### Part 0. Set up the server.
...@@ -229,11 +229,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid"); ...@@ -229,11 +229,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid");
# correct client cert # correct client cert
test_connect_ok( test_connect_ok(
"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# client cert belonging to another user # client cert belonging to another user
test_connect_fails( test_connect_fails(
"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# revoked client cert # revoked client cert
test_connect_fails( test_connect_fails(
...@@ -243,7 +243,10 @@ test_connect_fails( ...@@ -243,7 +243,10 @@ test_connect_fails(
# intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file # intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file
switch_server_cert($node, 'server-cn-only', 'root_ca'); switch_server_cert($node, 'server-cn-only', 'root_ca');
$common_connstr = $common_connstr =
"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; "user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt"); test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt");
test_connect_fails("sslmode=require sslcert=ssl/client.crt"); test_connect_fails("sslmode=require sslcert=ssl/client.crt");
# clean up
unlink "ssl/client_tmp.key";
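Review bot: The results of `copy` and `chmod` are ignored where the temporary key is created (just before "Part 0"), so a failed copy or permission change only surfaces later as connection-test results. In that state the `test_connect_fails` cases that pass `sslkey=ssl/client_tmp.key` would still report success, but because the key is unusable rather than because the server rejected the certificate. I would make both steps fatal: `copy("ssl/client.key", "ssl/client_tmp.key") or die "couldn't copy ssl/client.key to ssl/client_tmp.key: $!";` and `chmod 0600, "ssl/client_tmp.key" or die "failed to change permissions on ssl/client_tmp.key: $!";`. The `unlink` at the end is skipped if the script dies early, which would leave a copy of the private key in the tree that the `/client_tmp.key` ignore entry hides from git; an `END` block would cover that. No `use File::Copy;` is visible in the hunks shown, so confirm it is in scope.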