diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/test/ssl/ssl/.gitignore | 5 | ||||
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 17 |
2 files changed, 13 insertions, 9 deletions
diff --git a/src/test/ssl/ssl/.gitignore b/src/test/ssl/ssl/.gitignore index 8feb8643ff4..10b74f08480 100644 --- a/src/test/ssl/ssl/.gitignore +++ b/src/test/ssl/ssl/.gitignore @@ -1,2 +1,3 @@ -*.old -new_certs_dir +/*.old +/new_certs_dir/ +/client_tmp.key diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 48106bc9d96..03a381f6360 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -75,10 +75,10 @@ sub test_connect_fails ok(!$result, "$connstr (should fail)"); } -# The client's private key must not be world-readable. Git doesn't track -# permissions (except for the executable bit), so they might be wrong after -# a checkout. -chmod 0600, "ssl/client.key"; +# The client's private key must not be world-readable, so take a copy +# of the key stored in the code tree and update its permissions. +copy("ssl/client.key", "ssl/client_tmp.key"); +chmod 0600, "ssl/client_tmp.key"; #### Part 0. Set up the server. @@ -231,11 +231,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid"); # correct client cert test_connect_ok( - "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); + "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key"); # client cert belonging to another user test_connect_fails( - "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); + "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key"); # revoked client cert test_connect_fails( @@ -245,10 +245,13 @@ test_connect_fails( # intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file switch_server_cert($tempdir, 'server-cn-only', 'root_ca'); $common_connstr = -"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; +"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt"); test_connect_fails("sslmode=require sslcert=ssl/client.crt"); # All done! Save the log, before the temporary installation is deleted copy("$tempdir/client-log", "./client-log"); + +# clean up +unlink "ssl/client_tmp.key"; |