database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-05 23:56:58 +03:00
Code

In SSL tests, don't scribble on permissions of a repo file.

Browse Source 
Modifying the permissions of a persistent file isn't really much nicer
than modifying its contents, even if git doesn't currently notice it.
Adjust the test script to make a copy and set the permissions of that
instead.

Michael Paquier, per a gripe from me.  Back-patch to 9.5 where these
tests were introduced.

Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
This commit is contained in:
Tom Lane 2017-05-15 23:27:51 -04:00
parent 53a1aa9f9a
commit ce80240a7d
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/test/ssl/ssl/.gitignore vendored
View File

@ -1,2 +1,3 @@
*.old
new_certs_dir
/*.old
/new_certs_dir/
/client_tmp.key

17
src/test/ssl/t/001_ssltests.pl
View File

@ -75,10 +75,10 @@ sub test_connect_fails
ok(!$result, "$connstr (should fail)");
}
# The client's private key must not be world-readable. Git doesn't track
# permissions (except for the executable bit), so they might be wrong after
# a checkout.
chmod 0600, "ssl/client.key";
# The client's private key must not be world-readable, so take a copy
# of the key stored in the code tree and update its permissions.
copy("ssl/client.key", "ssl/client_tmp.key");
chmod 0600, "ssl/client_tmp.key";
#### Part 0. Set up the server.
@ -231,11 +231,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid");
# correct client cert
test_connect_ok(
"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key");
"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# client cert belonging to another user
test_connect_fails(
"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key");
"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# revoked client cert
test_connect_fails(
@ -245,10 +245,13 @@ test_connect_fails(
# intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file
switch_server_cert($tempdir, 'server-cn-only', 'root_ca');
$common_connstr =
"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt");
test_connect_fails("sslmode=require sslcert=ssl/client.crt");
# All done! Save the log, before the temporary installation is deleted
copy("$tempdir/client-log", "./client-log");
# clean up
unlink "ssl/client_tmp.key";