Check error messages in SSL tests

In tests that check whether a connection fails, also check the error message. That makes sure that the connection was rejected for the right reason. This discovered that two tests had their connection failing for the wrong reason. One test failed because pg_hba.conf was not set up to allow that user, one test failed because the client key file did not have the right permissions. Fix those tests and add a new one that is really supposed to check the file permission issue. Reviewed-by: Michael Paquier <michael@paquier.xyz>
2025-12-21 05:21:08 +03:00 · 2018-02-23 13:54:45 -05:00
parent bc1adc651b
commit 081bfc19b3
4 changed files with 59 additions and 32 deletions
--- a/src/test/ssl/ServerSetup.pm
+++ b/src/test/ssl/ServerSetup.pm
@@ -27,7 +27,6 @@ use Test::More;
 use Exporter 'import';
 our @EXPORT = qw(
  configure_test_server_for_ssl
-  run_test_psql
  switch_server_cert
  test_connect_fails
  test_connect_ok
@@ -35,37 +34,28 @@ our @EXPORT = qw(

 # Define a couple of helper functions to test connecting to the server.

-# Attempt connection to server with given connection string.
-sub run_test_psql
-{
-	my $connstr   = $_[0];
-
-	my $cmd = [
-		'psql', '-X', '-A', '-t', '-c', "SELECT \$\$connected with $connstr\$\$",
-		'-d', "$connstr" ];
-
-	my $result = run_log($cmd);
-	return $result;
-}
-
 # The first argument is a base connection string to use for connection.
 # The second argument is a complementary connection string.
 sub test_connect_ok
 {
-	my $common_connstr = $_[0];
-	my $connstr = $_[1];
-	my $test_name = $_[2];
+	my ($common_connstr, $connstr, $test_name) = @_;

-	ok(run_test_psql("$common_connstr $connstr"), $test_name);
+	my $cmd = [
+		'psql', '-X', '-A', '-t', '-c', "SELECT \$\$connected with $connstr\$\$",
+		'-d', "$common_connstr $connstr" ];
+
+	command_ok($cmd, $test_name);
 }

 sub test_connect_fails
 {
-	my $common_connstr = $_[0];
-	my $connstr = $_[1];
-	my $test_name = $_[2];
+	my ($common_connstr, $connstr, $expected_stderr, $test_name) = @_;

-	ok(!run_test_psql("$common_connstr $connstr"), $test_name);
+	my $cmd = [
+		'psql', '-X', '-A', '-t', '-c', "SELECT \$\$connected with $connstr\$\$",
+		'-d', "$common_connstr $connstr" ];
+
+	command_fails_like($cmd, $expected_stderr, $test_name);
 }

 # Copy a set of files, taking into account wildcards
@@ -169,12 +159,12 @@ sub configure_hba_for_ssl
 	print $hba
 "# TYPE  DATABASE        USER            ADDRESS                 METHOD\n";
 	print $hba
-"hostssl trustdb         ssltestuser     $serverhost/32            $authmethod\n";
+"hostssl trustdb         all             $serverhost/32            $authmethod\n";
 	print $hba
-"hostssl trustdb         ssltestuser     ::1/128                 $authmethod\n";
+"hostssl trustdb         all             ::1/128                 $authmethod\n";
 	print $hba
-"hostssl certdb          ssltestuser     $serverhost/32            cert\n";
+"hostssl certdb          all             $serverhost/32            cert\n";
 	print $hba
-"hostssl certdb          ssltestuser     ::1/128                 cert\n";
+"hostssl certdb          all             ::1/128                 cert\n";
 	close $hba;
 }