mirror of
				https://github.com/postgres/postgres.git
				synced 2025-10-25 00:03:23 -04:00 
			
		
		
		
	Fix certificate paths to use perl2host
Commit c113d8ad50 moved the copying of certificates into a temporary path for the duration of the tests, instead of using the source tree. This broke the tests on msys as the absolute path wasn't adapted for the msys platform. Ensure to convert the path with perl2host before copying and passing in the connection string. While there also make certificate copying error handling uniform across all the test suites. Discussion: https://postgr.es/m/YacT3tm97xziSUFw@paquier.xyz
This commit is contained in:
		
							parent
							
								
									81fca310b3
								
							
						
					
					
						commit
						c3b34a0ff4
					
				| @ -42,6 +42,7 @@ my $common_connstr; | ||||
| # This changes to using keys stored in a temporary path for the rest of | ||||
| # the tests. To get the full path for inclusion in connection strings, the | ||||
| # %key hash can be interrogated. | ||||
| my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); | ||||
| my %key; | ||||
| my @keys = ( | ||||
| 	"client.key",               "client-revoked.key", | ||||
| @ -49,21 +50,23 @@ my @keys = ( | ||||
| 	"client-encrypted-der.key", "client-dn.key"); | ||||
| foreach my $keyfile (@keys) | ||||
| { | ||||
| 	copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}") | ||||
| 	copy("ssl/$keyfile", "$cert_tempdir/$keyfile") | ||||
| 	  or die | ||||
| 	  "couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!"; | ||||
| 	chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}" | ||||
| 	  or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!"; | ||||
| 
 | ||||
| 	$key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile"; | ||||
| 	  "couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!"; | ||||
| 	chmod 0600, "$cert_tempdir/$keyfile" | ||||
| 	  or die "failed to change permissions on $cert_tempdir/$keyfile: $!"; | ||||
| 	$key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile"); | ||||
| } | ||||
| 
 | ||||
| # Also make a copy of that explicitly world-readable.  We can't | ||||
| # necessarily rely on the file in the source tree having those | ||||
| # permissions. | ||||
| copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"); | ||||
| chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; | ||||
| $key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key"; | ||||
| copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key") | ||||
|   or die | ||||
|   "couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!"; | ||||
| chmod 0644, "$cert_tempdir/client_wrongperms.key" | ||||
|   or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!"; | ||||
| $key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key"); | ||||
| 
 | ||||
| #### Set up the server. | ||||
| 
 | ||||
|  | ||||
| @ -95,9 +95,13 @@ $node->connect_fails( | ||||
| # because channel binding is not performed.  Note that ssl/client.key may | ||||
| # be used in a different test, so the name of this temporary client key | ||||
| # is chosen here to be unique. | ||||
| my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key"; | ||||
| copy("ssl/client.key", $client_tmp_key); | ||||
| chmod 0600, $client_tmp_key; | ||||
| my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); | ||||
| my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key"); | ||||
| copy("ssl/client.key", "$cert_tempdir/client_scram.key") | ||||
|   or die | ||||
|   "couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!"; | ||||
| chmod 0600, "$cert_tempdir/client_scram.key" | ||||
|   or die "failed to change permissions on $cert_tempdir/client_scram.key: $!"; | ||||
| $node->connect_fails( | ||||
| 	"sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require", | ||||
| 	"Cert authentication and channel_binding=require", | ||||
|  | ||||
| @ -37,11 +37,13 @@ my $common_connstr; | ||||
| 
 | ||||
| # The client's private key must not be world-readable, so take a copy | ||||
| # of the key stored in the code tree and update its permissions. | ||||
| my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key"; | ||||
| copy("ssl/client_ext.key", $client_tmp_key) | ||||
|   or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!"; | ||||
| chmod 0600, $client_tmp_key | ||||
|   or die "failed to change permissions on $client_tmp_key: $!"; | ||||
| my $cert_tempdir = PostgreSQL::Test::Utils::tempdir(); | ||||
| my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key"); | ||||
| copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key") | ||||
|   or die | ||||
|   "couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!"; | ||||
| chmod 0600, "$cert_tempdir/client_ext.key" | ||||
|   or die "failed to change permissions on $cert_tempdir/client_ext.key: $!"; | ||||
| 
 | ||||
| #### Set up the server. | ||||
| 
 | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user