Make SSL tests more robust

Someone running these test could have key or certificate files in their ~/.postgresql/, which would interfere with the tests. The way to override that is to specify sslcert=invalid and/or sslrootcert=invalid if no actual certificate is used for a particular test. Document that and fix up one test that had a risk of failing in these circumstances. Discussion: https://www.postgresql.org/message-id/flat/398754d8-6bb5-c5cf-e7b8-22e5f0983caf@2ndquadrant.com/
2019-01-29 10:29:07 +01:00 · 2019-01-29 10:29:07 +01:00 · bdd6e9ba17
parent 9745b528f7
commit bdd6e9ba17
2 changed files with 11 additions and 1 deletions
--- a/src/test/ssl/ServerSetup.pm
+++ b/src/test/ssl/ServerSetup.pm
@ -14,6 +14,16 @@
 # The server is configured to only accept connections from localhost. If you
 # want to run the client from another host, you'll have to configure that
 # manually.
+#
+# Note: Someone running these test could have key or certificate files
+# in their ~/.postgresql/, which would interfere with the tests.  The
+# way to override that is to specify sslcert=invalid and/or
+# sslrootcert=invalid if no actual certificate is used for a
+# particular test.  libpq will ignore specifications that name
+# nonexisting files.  (sslkey and sslcrl do not need to specified
+# explicitly because an invalid sslcert or sslrootcert, respectively,
+# causes those to be ignored.)
+
 package ServerSetup;

 use strict;
--- a/src/test/ssl/t/002_scram.pl
+++ b/src/test/ssl/t/002_scram.pl
@ -39,7 +39,7 @@ configure_test_server_for_ssl($node, $SERVERHOSTADDR, "scram-sha-256",
 switch_server_cert($node, 'server-cn-only');
 $ENV{PGPASSWORD} = "pass";
 $common_connstr =
-  "user=ssltestuser dbname=trustdb sslmode=require hostaddr=$SERVERHOSTADDR";
+  "user=ssltestuser dbname=trustdb sslmode=require sslcert=invalid sslrootcert=invalid hostaddr=$SERVERHOSTADDR";

 # Default settings
 test_connect_ok($common_connstr, '',