Diffstat (limited to 'src/test/ssl/t/001_ssltests.pl')
-rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 5422511d4ab..086abf3b8b3 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -147,6 +147,33 @@ my $default_ssl_connstr = $common_connstr = "$default_ssl_connstr user=ssltestuser dbname=trustdb hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; +SKIP: +{ + skip "Keylogging is not supported with LibreSSL", 5 if $libressl; + + my $tempdir = PostgreSQL::Test::Utils::tempdir; + my @status; + + # Properly escape backslashes in the path + $tempdir =~ s/\\/\\\\/g; + + # Connect should work with a given sslkeylogfile + $node->connect_ok( + "$common_connstr sslrootcert=ssl/root+server_ca.crt sslkeylogfile=$tempdir/key.txt sslmode=require", + "connect with server root cert and sslkeylogfile=$tempdir/key.txt"); + + # Verify the key file exists + ok(-f "$tempdir/key.txt", "keylog file exists at: $tempdir/key.txt"); + + # Skip permission checks on Windows/Cygwin + skip "Permissions check not enforced on Windows", 2 + if ($windows_os || $Config::Config{osname} eq 'cygwin'); + + ok( (@status = stat("$tempdir/key.txt")), + "keylog file exists and returned status"); + ok(@status && !($status[2] & 0006), "keylog file is not world readable"); +} + # The server should not accept non-SSL connections. $node->connect_fails( "$common_connstr sslmode=disable", |
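Review bot: The permission assertion at the end of the SKIP block masks the mode with `0006`, so it still passes when the keylog file is group-readable or group-writable, and the mask also covers the other-write bit although the test name only says "world readable". The file holds TLS session secrets that let anyone who can read it decrypt captured traffic for those connections, so the test should pin owner-only access: `ok(@status && !($status[2] & 0077), "keylog file is not accessible by group or others");`. That assumes libpq creates the file with owner-only permissions, which is not visible in this hunk; if group access is intended, a comment above the check should say so.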