Fix certificate paths to use perl2host
Commit c113d8ad50
moved the copying of certificates into a temporary path
for the duration of the tests, instead of using the source tree. This broke
the tests on msys as the absolute path wasn't adapted for the msys platform.
Make sure the path is converted with perl2host before copying and before passing it
in the connection string.
While there also make certificate copying error handling uniform across all
the test suites.
Discussion: https://postgr.es/m/YacT3tm97xziSUFw@paquier.xyz
parent
81fca310b3
commit
c3b34a0ff4
@ -42,6 +42,7 @@ my $common_connstr;
|
|||||||
# This changes to using keys stored in a temporary path for the rest of
|
# This changes to using keys stored in a temporary path for the rest of
|
||||||
# the tests. To get the full path for inclusion in connection strings, the
|
# the tests. To get the full path for inclusion in connection strings, the
|
||||||
# %key hash can be interrogated.
|
# %key hash can be interrogated.
|
||||||
|
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
|
||||||
my %key;
|
my %key;
|
||||||
my @keys = (
|
my @keys = (
|
||||||
"client.key", "client-revoked.key",
|
"client.key", "client-revoked.key",
|
||||||
@ -49,21 +50,23 @@ my @keys = (
|
|||||||
"client-encrypted-der.key", "client-dn.key");
|
"client-encrypted-der.key", "client-dn.key");
|
||||||
foreach my $keyfile (@keys)
|
foreach my $keyfile (@keys)
|
||||||
{
|
{
|
||||||
copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}")
|
copy("ssl/$keyfile", "$cert_tempdir/$keyfile")
|
||||||
or die
|
or die
|
||||||
"couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!";
|
"couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!";
|
||||||
chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}"
|
chmod 0600, "$cert_tempdir/$keyfile"
|
||||||
or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!";
|
or die "failed to change permissions on $cert_tempdir/$keyfile: $!";
|
||||||
|
$key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile");
|
||||||
$key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Also make a copy of that explicitly world-readable. We can't
|
# Also make a copy of that explicitly world-readable. We can't
|
||||||
# necessarily rely on the file in the source tree having those
|
# necessarily rely on the file in the source tree having those
|
||||||
# permissions.
|
# permissions.
|
||||||
copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key");
|
copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key")
|
||||||
chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key";
|
or die
|
||||||
$key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key";
|
"couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!";
|
||||||
|
chmod 0644, "$cert_tempdir/client_wrongperms.key"
|
||||||
|
or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!";
|
||||||
|
$key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key");
|
||||||
|
|
||||||
#### Set up the server.
|
#### Set up the server.
|
||||||
|
|
||||||
|
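Review bot: The new die message for the world-readable copy names `ssl/client_key`, but the file being copied is `ssl/client.key`, so a failed copy would report a source path that does not exist. It also says "permission change" where the loop above says "permissions change", which works against the stated goal of uniform error handling. Suggest `"couldn't copy ssl/client.key to $cert_tempdir/client_wrongperms.key for permissions change: $!";`. The same `ssl/client_key` wording appears in the `client_scram.key` copy in the next file section.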
@ -95,9 +95,13 @@ $node->connect_fails(
|
|||||||
# because channel binding is not performed. Note that ssl/client.key may
|
# because channel binding is not performed. Note that ssl/client.key may
|
||||||
# be used in a different test, so the name of this temporary client key
|
# be used in a different test, so the name of this temporary client key
|
||||||
# is chosen here to be unique.
|
# is chosen here to be unique.
|
||||||
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key";
|
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
|
||||||
copy("ssl/client.key", $client_tmp_key);
|
my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key");
|
||||||
chmod 0600, $client_tmp_key;
|
copy("ssl/client.key", "$cert_tempdir/client_scram.key")
|
||||||
|
or die
|
||||||
|
"couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!";
|
||||||
|
chmod 0600, "$cert_tempdir/client_scram.key"
|
||||||
|
or die "failed to change permissions on $cert_tempdir/client_scram.key: $!";
|
||||||
$node->connect_fails(
|
$node->connect_fails(
|
||||||
"sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require",
|
"sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require",
|
||||||
"Cert authentication and channel_binding=require",
|
"Cert authentication and channel_binding=require",
|
||||||
|
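Review bot: The retained comment says the temporary key name "is chosen here to be unique" because `ssl/client.key` may be used by another test, but the copy now goes into `$cert_tempdir`. If `tempdir()` returns a directory private to this test script (not shown here), that rationale is stale and the comment should be reworded. It would also help to say why two forms of the path exist, for example `# $client_tmp_key is the perl2host-converted path for the connection string; copy and chmod use the unconverted $cert_tempdir path.` Without that, a later edit could pass `$client_tmp_key` to a Perl file operation and bring back the msys breakage this commit fixes. The `$node->connect_fails(` call continues past the end of the hunk.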
@ -37,11 +37,13 @@ my $common_connstr;
|
|||||||
|
|
||||||
# The client's private key must not be world-readable, so take a copy
|
# The client's private key must not be world-readable, so take a copy
|
||||||
# of the key stored in the code tree and update its permissions.
|
# of the key stored in the code tree and update its permissions.
|
||||||
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key";
|
my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
|
||||||
copy("ssl/client_ext.key", $client_tmp_key)
|
my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key");
|
||||||
or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!";
|
copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key")
|
||||||
chmod 0600, $client_tmp_key
|
or die
|
||||||
or die "failed to change permissions on $client_tmp_key: $!";
|
"couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!";
|
||||||
|
chmod 0600, "$cert_tempdir/client_ext.key"
|
||||||
|
or die "failed to change permissions on $cert_tempdir/client_ext.key: $!";
|
||||||
|
|
||||||
#### Set up the server.
|
#### Set up the server.
|
||||||
|
|
||||||
|
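Review bot: The literal `"$cert_tempdir/client_ext.key"` is now written four times in this hunk, so the key that gets copied and restricted to 0600 is tied to the path handed to libpq only by repeating the string. Holding the Perl-side path in one variable keeps them in step: `my $client_tmp_key_local = "$cert_tempdir/client_ext.key";` followed by `my $client_tmp_key = PostgreSQL::Test::Utils::perl2host($client_tmp_key_local);`, with `copy`, `chmod` and both die messages using the local variable. The copy stays at whatever mode `copy()` gives it until the `chmod 0600` runs. That is fine only if the directory from `tempdir()` is not accessible to other users, which this page does not show, so a short comment stating that assumption would be useful.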