From c3b34a0ff4a00d00d6ea364c85201e155ca7ef6b Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Wed, 1 Dec 2021 14:59:51 +0100 Subject: [PATCH] Fix certificate paths to use perl2host Commit c113d8ad50 moved the copying of certificates into a temporary path for the duration of the tests, instead of using the source tree. This broke the tests on msys as the absolute path wasn't adapted for the msys platform. Ensure to convert the path with perl2host before copying and passing in the connection string. While there also make certificate copying error handling uniform across all the test suites. Discussion: https://postgr.es/m/YacT3tm97xziSUFw@paquier.xyz --- src/test/ssl/t/001_ssltests.pl | 21 ++++++++++++--------- src/test/ssl/t/002_scram.pl | 10 +++++++--- src/test/ssl/t/003_sslinfo.pl | 12 +++++++----- 3 files changed, 26 insertions(+), 17 deletions(-) diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 37ea9ee687..4eb181bd04 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -42,6 +42,7 @@ my $common_connstr; # This changes to using keys stored in a temporary path for the rest of # the tests. To get the full path for inclusion in connection strings, the # %key hash can be interrogated. +my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); my %key; my @keys = ( "client.key", "client-revoked.key", 
@@ -49,21 +50,23 @@ my @keys = ( "client-encrypted-der.key", "client-dn.key"); foreach my $keyfile (@keys) { - copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}") + copy("ssl/$keyfile", "$cert_tempdir/$keyfile") or die - "couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!"; - chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}" - or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!"; - - $key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile"; + "couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!"; + chmod 0600, "$cert_tempdir/$keyfile" + or die "failed to change permissions on $cert_tempdir/$keyfile: $!"; + $key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile"); } # Also make a copy of that explicitly world-readable. We can't # necessarily rely on the file in the source tree having those # permissions. -copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"); -chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; -$key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; +copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key") + or die + "couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!"; +chmod 0644, "$cert_tempdir/client_wrongperms.key" + or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!"; +$key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key"); #### Set up the server. diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index e8831e5ee8..b965ff038a 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl 
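Review bot: The new `die` message for the world-readable copy names `ssl/client_key`, but the file being copied is `ssl/client.key`, so a failure here would report a source path that is not the one used. The message should read `"couldn't copy ssl/client.key to $cert_tempdir/client_wrongperms.key for permissions change: $!";`, which also matches the "permissions change" wording used in the loop above it. The same `ssl/client_key` spelling appears in the `die` added in the 002_scram.pl hunk.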
@@ -95,9 +95,13 @@ $node->connect_fails( # because channel binding is not performed. Note that ssl/client.key may # be used in a different test, so the name of this temporary client key # is chosen here to be unique. -my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key"; -copy("ssl/client.key", $client_tmp_key); -chmod 0600, $client_tmp_key; +my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); +my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key"); +copy("ssl/client.key", "$cert_tempdir/client_scram.key") + or die + "couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!"; +chmod 0600, "$cert_tempdir/client_scram.key" + or die "failed to change permissions on $cert_tempdir/client_scram.key: $!"; $node->connect_fails( "sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require", "Cert authentication and channel_binding=require", diff --git a/src/test/ssl/t/003_sslinfo.pl b/src/test/ssl/t/003_sslinfo.pl index cf2e8dde0f..448742129f 100644 --- a/src/test/ssl/t/003_sslinfo.pl +++ b/src/test/ssl/t/003_sslinfo.pl 
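Review bot: `$client_tmp_key` now holds the perl2host form, while the Perl-native path `"$cert_tempdir/client_scram.key"` is spelled out separately for `copy`, `chmod` and both error messages, so a later edit could easily pass the host form to a Perl file operation by mistake. Consider naming the native path once, e.g. `my $client_tmp_key_native = "$cert_tempdir/client_scram.key";`, and deriving the connection-string value with `PostgreSQL::Test::Utils::perl2host($client_tmp_key_native)`. A one-line comment on `$client_tmp_key` such as `# host-format path, for connection strings only` would record the distinction. The 003_sslinfo.pl hunk has the same shape.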
@@ -37,11 +37,13 @@ my $common_connstr; # The client's private key must not be world-readable, so take a copy # of the key stored in the code tree and update its permissions. -my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key"; -copy("ssl/client_ext.key", $client_tmp_key) - or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!"; -chmod 0600, $client_tmp_key - or die "failed to change permissions on $client_tmp_key: $!"; +my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); +my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key"); +copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key") + or die + "couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!"; +chmod 0600, "$cert_tempdir/client_ext.key" + or die "failed to change permissions on $cert_tempdir/client_ext.key: $!"; #### Set up the server.
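Review bot: Between `copy` and `chmod 0600` the key copy exists with whatever mode the process umask gives it, so the "must not be world-readable" statement in the comment depends on `$cert_tempdir` being inaccessible to other users, which this hunk does not show. If that is the intent, record it in the comment, e.g. `# tempdir() is expected to be private to the test user, so the pre-chmod window is not exposed`. Otherwise tighten the umask around the copy, with `my $old_umask = umask(0077);` before it and `umask($old_umask);` after the `chmod`. The copy sites added in 001_ssltests.pl and 002_scram.pl follow the same copy-then-chmod order.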