diff options
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 21 | ||||
| -rw-r--r-- | src/test/ssl/t/002_scram.pl | 10 | ||||
| -rw-r--r-- | src/test/ssl/t/003_sslinfo.pl | 12 |
3 files changed, 26 insertions, 17 deletions
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 37ea9ee6874..4eb181bd041 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -42,6 +42,7 @@ my $common_connstr; # This changes to using keys stored in a temporary path for the rest of # the tests. To get the full path for inclusion in connection strings, the # %key hash can be interrogated. +my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); my %key; my @keys = ( "client.key", "client-revoked.key", @@ -49,21 +50,23 @@ my @keys = ( "client-encrypted-der.key", "client-dn.key"); foreach my $keyfile (@keys) { - copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}") + copy("ssl/$keyfile", "$cert_tempdir/$keyfile") or die - "couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!"; - chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}" - or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!"; - - $key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile"; + "couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!"; + chmod 0600, "$cert_tempdir/$keyfile" + or die "failed to change permissions on $cert_tempdir/$keyfile: $!"; + $key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile"); } # Also make a copy of that explicitly world-readable. We can't # necessarily rely on the file in the source tree having those # permissions. -copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"); -chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; -$key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; +copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key") + or die + "couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!"; +chmod 0644, "$cert_tempdir/client_wrongperms.key" + or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!"; +$key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key"); #### Set up the server. diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index e8831e5ee88..b965ff038a5 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -95,9 +95,13 @@ $node->connect_fails( # because channel binding is not performed. Note that ssl/client.key may # be used in a different test, so the name of this temporary client key # is chosen here to be unique. -my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key"; -copy("ssl/client.key", $client_tmp_key); -chmod 0600, $client_tmp_key; +my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); +my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key"); +copy("ssl/client.key", "$cert_tempdir/client_scram.key") + or die + "couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!"; +chmod 0600, "$cert_tempdir/client_scram.key" + or die "failed to change permissions on $cert_tempdir/client_scram.key: $!"; $node->connect_fails( "sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require", "Cert authentication and channel_binding=require", diff --git a/src/test/ssl/t/003_sslinfo.pl b/src/test/ssl/t/003_sslinfo.pl index cf2e8dde0f3..448742129f4 100644 --- a/src/test/ssl/t/003_sslinfo.pl +++ b/src/test/ssl/t/003_sslinfo.pl @@ -37,11 +37,13 @@ my $common_connstr; # The client's private key must not be world-readable, so take a copy # of the key stored in the code tree and update its permissions. -my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key"; -copy("ssl/client_ext.key", $client_tmp_key) - or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!"; -chmod 0600, $client_tmp_key - or die "failed to change permissions on $client_tmp_key: $!"; +my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); +my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key"); +copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key") + or die + "couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!"; +chmod 0600, "$cert_tempdir/client_ext.key" + or die "failed to change permissions on $cert_tempdir/client_ext.key: $!"; #### Set up the server. |