authorTom Lane <tgl@sss.pgh.pa.us>2017-05-15 23:27:51 -0400
committerTom Lane <tgl@sss.pgh.pa.us>2017-05-15 23:27:51 -0400
commit91102dab44c3406f21bbbc28c1032d49e0721710 (patch)
tree45e37140901b05199b3871bf3107f7ae76bc033f /src
parent6accefd46639db9f20bcc4c2e15c9844bae0d184 (diff)
In SSL tests, don't scribble on permissions of a repo file.
Modifying the permissions of a persistent file isn't really much nicer than modifying its contents, even if git doesn't currently notice it. Adjust the test script to make a copy and set the permissions of that instead. Michael Paquier, per a gripe from me. Back-patch to 9.5 where these tests were introduced. Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
Diffstat (limited to 'src')
-rw-r--r--src/test/ssl/ssl/.gitignore5
-rw-r--r--src/test/ssl/t/001_ssltests.pl17
2 files changed, 13 insertions, 9 deletions
diff --git a/src/test/ssl/ssl/.gitignore b/src/test/ssl/ssl/.gitignore
index 8feb8643ff4..10b74f08480 100644
--- a/src/test/ssl/ssl/.gitignore
+++ b/src/test/ssl/ssl/.gitignore
@@ -1,2 +1,3 @@
-*.old
-new_certs_dir
+/*.old
+/new_certs_dir/
+/client_tmp.key
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index 0c69bf08a5f..66fa790d12b 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -66,10 +66,10 @@ sub test_connect_fails
ok(!$result, "$connstr (should fail)");
}
-# The client's private key must not be world-readable. Git doesn't track
-# permissions (except for the executable bit), so they might be wrong after
-# a checkout.
-chmod 0600, "ssl/client.key";
+# The client's private key must not be world-readable, so take a copy
+# of the key stored in the code tree and update its permissions.
+copy("ssl/client.key", "ssl/client_tmp.key");
+chmod 0600, "ssl/client_tmp.key";
#### Part 0. Set up the server.
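Review bot: Neither `copy()` nor `chmod` is checked in the added lines, so a failed copy or a failed permission change would only surface later as a hard-to-read connection failure in the client-certificate tests. I would write `copy("ssl/client.key", "ssl/client_tmp.key") or die "couldn't copy ssl/client.key to ssl/client_tmp.key: $!";` and `chmod 0600, "ssl/client_tmp.key" or die "failed to change permissions on ssl/client_tmp.key: $!";`. The copy also exists with umask-default permissions until the chmod runs; for a test key inside the source tree that is probably acceptable, but a short comment saying so would help the next reader. `copy` needs File::Copy, which no hunk in this commit imports, so it is presumably already loaded at the top of the script.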
@@ -229,11 +229,11 @@ test_connect_fails("user=ssltestuser sslcert=invalid");
# correct client cert
test_connect_ok(
- "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key");
+ "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# client cert belonging to another user
test_connect_fails(
- "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key");
+ "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
# revoked client cert
test_connect_fails(
@@ -243,7 +243,10 @@ test_connect_fails(
# intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file
switch_server_cert($node, 'server-cn-only', 'root_ca');
$common_connstr =
-"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
+"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt");
test_connect_fails("sslmode=require sslcert=ssl/client.crt");
+
+# clean up
+unlink "ssl/client_tmp.key";
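Review bot: The `unlink "ssl/client_tmp.key";` added at the end only runs when the script reaches this line, so if anything dies earlier the private-key copy stays behind in `ssl/`. The new .gitignore entry hides that leftover from git but does not remove it. Consider registering the cleanup right after the copy instead, e.g. `END { unlink "ssl/client_tmp.key"; }`, or placing the copy under the test's temporary directory if this script has one available. The unlink result is also ignored; that seems fine for best-effort cleanup, but a comment saying it is deliberate would make that clear.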