database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-29 13:56:47 +03:00
Code

In SSL tests, don't scribble on permissions of a repo file.

Browse Source 
Modifying the permissions of a persistent file isn't really much nicer
than modifying its contents, even if git doesn't currently notice it.
Adjust the test script to make a copy and set the permissions of that
instead.

Michael Paquier, per a gripe from me.  Back-patch to 9.5 where these
tests were introduced.

Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
This commit is contained in:
Tom Lane 2017-05-15 23:27:51 -04:00
parent 6accefd466
commit 91102dab44
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/test/ssl/ssl/.gitignore vendored
View File

@ -1,2 +1,3 @@
*.old /*.old
new_certs_dir /new_certs_dir/
/client_tmp.key

17
src/test/ssl/t/001_ssltests.pl
View File

@ -66,10 +66,10 @@ sub test_connect_fails
ok(!$result, "$connstr (should fail)"); ok(!$result, "$connstr (should fail)");
} }
# The client's private key must not be world-readable. Git doesn't track # The client's private key must not be world-readable, so take a copy
# permissions (except for the executable bit), so they might be wrong after # of the key stored in the code tree and update its permissions.
# a checkout. copy("ssl/client.key", "ssl/client_tmp.key");
chmod 0600, "ssl/client.key"; chmod 0600, "ssl/client_tmp.key";
#### Part 0. Set up the server. #### Part 0. Set up the server.
@ -229,11 +229,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid");
# correct client cert # correct client cert
test_connect_ok( test_connect_ok(
"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# client cert belonging to another user # client cert belonging to another user
test_connect_fails( test_connect_fails(
"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# revoked client cert # revoked client cert
test_connect_fails( test_connect_fails(
@ -243,7 +243,10 @@ test_connect_fails(
# intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file # intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file
switch_server_cert($node, 'server-cn-only', 'root_ca'); switch_server_cert($node, 'server-cn-only', 'root_ca');
$common_connstr = $common_connstr =
"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; "user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt"); test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt");
test_connect_fails("sslmode=require sslcert=ssl/client.crt"); test_connect_fails("sslmode=require sslcert=ssl/client.crt");
# clean up
unlink "ssl/client_tmp.key";