database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-10-31 10:30:33 +03:00
Code Activity

Avoid warnings in tests when openssl binary isn't available

Browse Source 
The SSL tests for pg_stat_ssl tries to exactly match the serial
from the certificate by extracting it with the openssl binary.
If that fails due to the binary not being available, a fallback
match is used, but the attempt to execute a missing binary adds
a warning to the output which can confuse readers for a failure
in the test.  Fix by only attempting if the openssl binary was
found by autoconf/meson.

Backpatch down to v16 where commit c8e4030d1b made the test
use the OPENSSL variable from autoconf/meson instead of a hard-
coded value.

Author: Daniel Gustafsson <daniel@yesql.se>
Reported-by: Christoph Berg <myon@debian.org>
Discussion: https://postgr.es/m/aNPSp1-RIAs3skZm@msg.df7cb.de
Backpatch-through: 16
This commit is contained in:
Daniel Gustafsson
2025-10-17 14:21:26 +02:00
parent a506b0c0ac
commit bf5b26525b
1 changed files with 19 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/test/ssl/t/001_ssltests.pl
View File

@@ -702,30 +702,28 @@ TODO:
# pg_stat_ssl # pg_stat_ssl
my $serialno = `$ENV{OPENSSL} x509 -serial -noout -in ssl/client.crt`; # If the openssl program isn't available, or fails to run, fall back to a
if ($? == 0) # generic integer match rather than skipping the test.
my $serialno = '\d+';
if ($ENV{OPENSSL} ne '')
{ {
# OpenSSL prints serial numbers in hexadecimal and converting the serial $serialno = `$ENV{OPENSSL} x509 -serial -noout -in ssl/client.crt`;
# from hex requires a 64-bit capable Perl as the serialnumber is based on if ($? == 0)
# the current timestamp. On 32-bit fall back to checking for it being an
# integer like how we do when grabbing the serial fails.
if ($Config{ivsize} == 8)
{ {
$serialno =~ s/^serial=//; # OpenSSL prints serial numbers in hexadecimal and converting the serial
$serialno =~ s/\s+//g; # from hex requires a 64-bit capable Perl as the serialnumber is based on
$serialno = hex($serialno); # the current timestamp. On 32-bit fall back to checking for it being an
# integer like how we do when grabbing the serial fails.
if ($Config{ivsize} == 8)
{
no warnings qw(portable);
$serialno =~ s/^serial=//;
$serialno =~ s/\s+//g;
$serialno = hex($serialno);
}
} }
else
{
$serialno = '\d+';
}
}
else
{
# OpenSSL isn't functioning on the user's PATH. This probably isn't worth
# skipping the test over, so just fall back to a generic integer match.
warn "couldn't run \"$ENV{OPENSSL} x509\" to get client cert serialno";
$serialno = '\d+';
} }
command_like( command_like(