diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2017-05-15 23:27:51 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2017-05-15 23:27:51 -0400 |
| commit | ce80240a7d3a0732cf36fe5068e5899a89c1f7ff (patch) | |
| tree | 0125eb14d279d56ec446b6ca7b20cbce6801ed24 /src | |
| parent | 53a1aa9f9a6f3711ff5766beca135ddce3f3b4ad (diff) | |
| download | postgresql-ce80240a7d3a0732cf36fe5068e5899a89c1f7ff.tar.gz postgresql-ce80240a7d3a0732cf36fe5068e5899a89c1f7ff.zip | |
In SSL tests, don't scribble on permissions of a repo file.
Modifying the permissions of a persistent file isn't really much nicer
than modifying its contents, even if git doesn't currently notice it.
Adjust the test script to make a copy and set the permissions of that
instead.
Michael Paquier, per a gripe from me. Back-patch to 9.5 where these
tests were introduced.
Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
Diffstat (limited to 'src')
| -rw-r--r-- | src/test/ssl/ssl/.gitignore | 5 | ||||
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 17 |
2 files changed, 13 insertions, 9 deletions
diff --git a/src/test/ssl/ssl/.gitignore b/src/test/ssl/ssl/.gitignore index 8feb8643ff4..10b74f08480 100644 --- a/src/test/ssl/ssl/.gitignore +++ b/src/test/ssl/ssl/.gitignore @@ -1,2 +1,3 @@ -*.old -new_certs_dir +/*.old +/new_certs_dir/ +/client_tmp.key diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 48106bc9d96..03a381f6360 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -75,10 +75,10 @@ sub test_connect_fails ok(!$result, "$connstr (should fail)"); } -# The client's private key must not be world-readable. Git doesn't track -# permissions (except for the executable bit), so they might be wrong after -# a checkout. -chmod 0600, "ssl/client.key"; +# The client's private key must not be world-readable, so take a copy +# of the key stored in the code tree and update its permissions. +copy("ssl/client.key", "ssl/client_tmp.key"); +chmod 0600, "ssl/client_tmp.key"; #### Part 0. Set up the server. @@ -231,11 +231,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid"); # correct client cert test_connect_ok( - "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); + "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key"); # client cert belonging to another user test_connect_fails( - "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); + "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key"); # revoked client cert test_connect_fails( @@ -245,10 +245,13 @@ test_connect_fails( # intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file switch_server_cert($tempdir, 'server-cn-only', 'root_ca'); $common_connstr = -"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; +"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt"); test_connect_fails("sslmode=require sslcert=ssl/client.crt"); # All done! Save the log, before the temporary installation is deleted copy("$tempdir/client-log", "./client-log"); + +# clean up +unlink "ssl/client_tmp.key"; |