3, 'read-only queries on standby 2');
# Tests for connection parameter target_session_attrs
-diag "testing connection parameter \"target_session_attrs\"";
+note "testing connection parameter \"target_session_attrs\"";
# Routine designed to run tests on the connection parameter
# target_session_attrs with multiple nodes.
test_target_session_attrs($node_standby_1, $node_master, $node_standby_1,
"any", 0);
-diag "switching to physical replication slot";
+note "switching to physical replication slot";
# Switch to using a physical replication slot. We can do this without a new
# backup since physical slots can go backwards if needed. Do so on both
# standbys. Since we're going to be testing things that affect the slot state,
replay_check();
-diag "enabling hot_standby_feedback";
+note "enabling hot_standby_feedback";
# Enable hs_feedback. The slot should gain an xmin. We set the status interval
# so we'll see the results promptly.
$node_standby_1->safe_psql('postgres', 'ALTER SYSTEM SET hot_standby_feedback = on;');
isnt($xmin, '', 'cascaded slot xmin non-null with hs feedback');
is($catalog_xmin, '', 'cascaded slot xmin still null with hs_feedback');
-diag "doing some work to advance xmin";
+note "doing some work to advance xmin";
for my $i (10000..11000) {
$node_master->safe_psql('postgres', qq[INSERT INTO tab_int VALUES ($i);]);
}
$node_master->safe_psql('postgres', 'CHECKPOINT;');
my ($xmin2, $catalog_xmin2) = get_slot_xmins($node_master, $slotname_1);
-diag "new xmin $xmin2, old xmin $xmin";
+note "new xmin $xmin2, old xmin $xmin";
isnt($xmin2, $xmin, 'non-cascaded slot xmin with hs feedback has changed');
is($catalog_xmin2, '', 'non-cascaded slot xmin still null with hs_feedback unchanged');
($xmin2, $catalog_xmin2) = get_slot_xmins($node_standby_1, $slotname_2);
-diag "new xmin $xmin2, old xmin $xmin";
+note "new xmin $xmin2, old xmin $xmin";
isnt($xmin2, $xmin, 'cascaded slot xmin with hs feedback has changed');
is($catalog_xmin2, '', 'cascaded slot xmin still null with hs_feedback unchanged');
-diag "disabling hot_standby_feedback";
+note "disabling hot_standby_feedback";
# Disable hs_feedback. Xmin should be cleared.
$node_standby_1->safe_psql('postgres', 'ALTER SYSTEM SET hot_standby_feedback = off;');
$node_standby_1->reload;
is($xmin, '', 'cascaded slot xmin null with hs feedback reset');
is($catalog_xmin, '', 'cascaded slot xmin still null with hs_feedback reset');
-diag "re-enabling hot_standby_feedback and disabling while stopped";
+note "re-enabling hot_standby_feedback and disabling while stopped";
$node_standby_2->safe_psql('postgres', 'ALTER SYSTEM SET hot_standby_feedback = on;');
$node_standby_2->reload;
#### Part 0. Set up the server.
-diag "setting up data directory...";
+note "setting up data directory";
my $node = get_new_node('master');
$node->init;
### on sslmode and whether the server's certificate looks correct. No
### client certificate is used in these tests.
-diag "running client tests...";
+note "running client tests";
$common_connstr =
"user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test";
# The server should not accept non-SSL connections
-diag "test that the server doesn't accept non-SSL connections";
+note "test that the server doesn't accept non-SSL connections";
test_connect_fails("sslmode=disable");
# Try without a root cert. In sslmode=require, this should work. In verify-ca
# or verify-full mode it should fail
-diag "connect without server root cert";
+note "connect without server root cert";
test_connect_ok("sslrootcert=invalid sslmode=require");
test_connect_fails("sslrootcert=invalid sslmode=verify-ca");
test_connect_fails("sslrootcert=invalid sslmode=verify-full");
# Try with wrong root cert, should fail. (we're using the client CA as the
# root, but the server's key is signed by the server CA)
-diag "connect without wrong server root cert";
+note "connect without wrong server root cert";
test_connect_fails("sslrootcert=ssl/client_ca.crt sslmode=require");
test_connect_fails("sslrootcert=ssl/client_ca.crt sslmode=verify-ca");
test_connect_fails("sslrootcert=ssl/client_ca.crt sslmode=verify-full");
# Try with just the server CA's cert. This fails because the root file
# must contain the whole chain up to the root CA.
-diag "connect with server CA cert, without root CA";
+note "connect with server CA cert, without root CA";
test_connect_fails("sslrootcert=ssl/server_ca.crt sslmode=verify-ca");
# And finally, with the correct root cert.
-diag "connect with correct server CA cert file";
+note "connect with correct server CA cert file";
test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=require");
test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca");
test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=verify-full");
test_connect_ok("sslrootcert=ssl/both-cas-1.crt sslmode=verify-ca");
test_connect_ok("sslrootcert=ssl/both-cas-2.crt sslmode=verify-ca");
-diag "testing sslcrl option with a non-revoked cert";
+note "testing sslcrl option with a non-revoked cert";
# Invalid CRL filename is the same as no CRL, succeeds
test_connect_ok(
# Check that connecting with verify-full fails, when the hostname doesn't
# match the hostname in the server's certificate.
-diag "test mismatch between hostname and server certificate";
+note "test mismatch between hostname and server certificate";
$common_connstr =
"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
# Test Subject Alternative Names.
switch_server_cert($node, 'server-multiple-alt-names');
-diag "test hostname matching with X509 Subject Alternative Names";
+note "test hostname matching with X.509 Subject Alternative Names";
$common_connstr =
"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
# slightly different error message, that's all)
switch_server_cert($node, 'server-single-alt-name');
-diag "test hostname matching with a single X509 Subject Alternative Name";
+note "test hostname matching with a single X.509 Subject Alternative Name";
$common_connstr =
"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
# should be ignored when the certificate has both.
switch_server_cert($node, 'server-cn-and-alt-names');
-diag "test certificate with both a CN and SANs";
+note "test certificate with both a CN and SANs";
$common_connstr =
"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
test_connect_fails("sslmode=verify-full host=common-name.pg-ssltest.test");
# Test that the CRL works
-diag "Testing client-side CRL";
+note "testing client-side CRL";
switch_server_cert($node, 'server-revoked');
$common_connstr =
###
### Test certificate authorization.
-diag "Testing certificate authorization...";
+note "testing certificate authorization";
$common_connstr =
"sslrootcert=ssl/root+server_ca.crt sslmode=require dbname=certdb hostaddr=$SERVERHOSTADDR";
projects / postgresql / commitdiff