database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-25 21:42:33 +03:00
Code

In SSL tests, don't scribble on permissions of a repo file.

Browse Source 
Modifying the permissions of a persistent file isn't really much nicer
than modifying its contents, even if git doesn't currently notice it.
Adjust the test script to make a copy and set the permissions of that
instead.

Michael Paquier, per a gripe from me.  Back-patch to 9.5 where these
tests were introduced.

Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
This commit is contained in:
Tom Lane 2017-05-15 23:27:51 -04:00
parent b35cce914c
commit 21c2c3d75e
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/test/ssl/ssl/.gitignore vendored
View File

@ -1,2 +1,3 @@
*.old
new_certs_dir
/*.old
/new_certs_dir/
/client_tmp.key

17
src/test/ssl/t/001_ssltests.pl
View File

@ -66,10 +66,10 @@ sub test_connect_fails
ok(!$result, "$connstr (should fail)");
}
# The client's private key must not be world-readable. Git doesn't track
# permissions (except for the executable bit), so they might be wrong after
# a checkout.
chmod 0600, "ssl/client.key";
# The client's private key must not be world-readable, so take a copy
# of the key stored in the code tree and update its permissions.
copy("ssl/client.key", "ssl/client_tmp.key");
chmod 0600, "ssl/client_tmp.key";
#### Part 0. Set up the server.
@ -229,11 +229,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid");
# correct client cert
test_connect_ok(
"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key");
"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# client cert belonging to another user
test_connect_fails(
"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key");
"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# revoked client cert
test_connect_fails(
@ -243,7 +243,10 @@ test_connect_fails(
# intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file
switch_server_cert($node, 'server-cn-only', 'root_ca');
$common_connstr =
"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt");
test_connect_fails("sslmode=require sslcert=ssl/client.crt");
# clean up
unlink "ssl/client_tmp.key";