Fix certificate paths to use perl2host
Commit c113d8ad50 moved the copying of certificates into a temporary path
for the duration of the tests, instead of using the source tree. This broke
the tests on msys as the absolute path wasn't adapted for the msys platform.
Ensure to convert the path with perl2host before copying and passing in the
connection string.
While there also make certificate copying error handling uniform across all
the test suites.
Discussion: https://postgr.es/m/YacT3tm97xziSUFw@paquier.xyz
This commit is contained in:
Daniel Gustafsson
parent
81fca310b3
commit
c3b34a0ff4
|
|
@ -42,6 +42,7 @@ my $common_connstr;
|
|||
# This changes to using keys stored in a temporary path for the rest of
|
||||
# the tests. To get the full path for inclusion in connection strings, the
|
||||
# %key hash can be interrogated.
|
||||
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
|
||||
my %key;
|
||||
my @keys = (
|
||||
"client.key", "client-revoked.key",
|
||||
|
|
@ -49,21 +50,23 @@ my @keys = (
|
|||
"client-encrypted-der.key", "client-dn.key");
|
||||
foreach my $keyfile (@keys)
|
||||
{
|
||||
copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}")
|
||||
copy("ssl/$keyfile", "$cert_tempdir/$keyfile")
|
||||
or die
|
||||
"couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!";
|
||||
chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}"
|
||||
or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!";
|
||||
|
||||
$key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile";
|
||||
"couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!";
|
||||
chmod 0600, "$cert_tempdir/$keyfile"
|
||||
or die "failed to change permissions on $cert_tempdir/$keyfile: $!";
|
||||
$key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile");
|
||||
}
|
||||
|
||||
# Also make a copy of that explicitly world-readable. We can't
|
||||
# necessarily rely on the file in the source tree having those
|
||||
# permissions.
|
||||
copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key");
|
||||
chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key";
|
||||
$key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key";
|
||||
copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key")
|
||||
or die
|
||||
"couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!";
|
||||
chmod 0644, "$cert_tempdir/client_wrongperms.key"
|
||||
or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!";
|
||||
$key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key");
|
||||
|
||||
#### Set up the server.
|
||||
|
||||
|
|
|
|||
|
|
@ -95,9 +95,13 @@ $node->connect_fails(
|
|||
# because channel binding is not performed. Note that ssl/client.key may
|
||||
# be used in a different test, so the name of this temporary client key
|
||||
# is chosen here to be unique.
|
||||
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key";
|
||||
copy("ssl/client.key", $client_tmp_key);
|
||||
chmod 0600, $client_tmp_key;
|
||||
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
|
||||
my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key");
|
||||
copy("ssl/client.key", "$cert_tempdir/client_scram.key")
|
||||
or die
|
||||
"couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!";
|
||||
chmod 0600, "$cert_tempdir/client_scram.key"
|
||||
or die "failed to change permissions on $cert_tempdir/client_scram.key: $!";
|
||||
$node->connect_fails(
|
||||
"sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require",
|
||||
"Cert authentication and channel_binding=require",
|
||||
|
|
|
|||
|
|
@ -37,11 +37,13 @@ my $common_connstr;
|
|||
|
||||
# The client's private key must not be world-readable, so take a copy
|
||||
# of the key stored in the code tree and update its permissions.
|
||||
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key";
|
||||
copy("ssl/client_ext.key", $client_tmp_key)
|
||||
or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!";
|
||||
chmod 0600, $client_tmp_key
|
||||
or die "failed to change permissions on $client_tmp_key: $!";
|
||||
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
|
||||
my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key");
|
||||
copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key")
|
||||
or die
|
||||
"couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!";
|
||||
chmod 0600, "$cert_tempdir/client_ext.key"
|
||||
or die "failed to change permissions on $cert_tempdir/client_ext.key: $!";
|
||||
|
||||
#### Set up the server.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue