From bdd6e9ba171765ae34d320e1be17717620cb491c Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 29 Jan 2019 10:29:07 +0100 Subject: [PATCH] Make SSL tests more robust Someone running these test could have key or certificate files in their ~/.postgresql/, which would interfere with the tests. The way to override that is to specify sslcert=invalid and/or sslrootcert=invalid if no actual certificate is used for a particular test. Document that and fix up one test that had a risk of failing in these circumstances. Discussion: https://www.postgresql.org/message-id/flat/398754d8-6bb5-c5cf-e7b8-22e5f0983caf@2ndquadrant.com/ --- src/test/ssl/ServerSetup.pm | 10 ++++++++++ src/test/ssl/t/002_scram.pl | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/test/ssl/ServerSetup.pm b/src/test/ssl/ServerSetup.pm index 3b451a360a..5acba52310 100644 --- a/src/test/ssl/ServerSetup.pm +++ b/src/test/ssl/ServerSetup.pm @@ -14,6 +14,16 @@ # The server is configured to only accept connections from localhost. If you # want to run the client from another host, you'll have to configure that # manually. +# +# Note: Someone running these test could have key or certificate files +# in their ~/.postgresql/, which would interfere with the tests. The +# way to override that is to specify sslcert=invalid and/or +# sslrootcert=invalid if no actual certificate is used for a +# particular test. libpq will ignore specifications that name +# nonexisting files. (sslkey and sslcrl do not need to specified +# explicitly because an invalid sslcert or sslrootcert, respectively, +# causes those to be ignored.) + package ServerSetup; use strict; diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index b460a7fa8a..d45b9c5db3 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -39,7 +39,7 @@ configure_test_server_for_ssl($node, $SERVERHOSTADDR, "scram-sha-256", switch_server_cert($node, 'server-cn-only'); $ENV{PGPASSWORD} = "pass"; $common_connstr = - "user=ssltestuser dbname=trustdb sslmode=require hostaddr=$SERVERHOSTADDR"; + "user=ssltestuser dbname=trustdb sslmode=require sslcert=invalid sslrootcert=invalid hostaddr=$SERVERHOSTADDR"; # Default settings test_connect_ok($common_connstr, '', -- 2.40.0