Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit79eada4

Browse files
danielgustafssonpull[bot]
authored andcommitted
Use library functions to edit config in SSL tests
The SSL tests were editing the postgres configuration by directlyreading and writing the files rather than using append_conf() fromthe testcode library.Reviewed-by: Peter Eisentraut <peter@eisentraut.org>Discussion:https://postgr.es/m/01F4684C-8C98-4BBE-AB83-AC8D7C746AF8@yesql.se
1 parent54e7c2e commit79eada4

File tree

1 file changed

+39
-42
lines changed

1 file changed

+39
-42
lines changed

‎src/test/ssl/t/SSL/Server.pm

Lines changed: 39 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -197,17 +197,18 @@ sub configure_test_server_for_ssl
197197
}
198198

199199
# enable logging etc.
200-
openmy$conf,'>>',"$pgdata/postgresql.conf"ordie$!;
201-
print$conf"fsync=off\n";
202-
print$conf"log_connections=on\n";
203-
print$conf"log_hostname=on\n";
204-
print$conf"listen_addresses='$serverhost'\n";
205-
print$conf"log_statement=all\n";
200+
$node->append_conf(
201+
'postgresql.conf',<<EOF
202+
fsync=off
203+
log_connections=on
204+
log_hostname=on
205+
listen_addresses='$serverhost'
206+
log_statement=all
207+
EOF
208+
);
206209

207210
# enable SSL and set up server key
208-
print$conf"include 'sslconfig.conf'\n";
209-
210-
close$conf;
211+
$node->append_conf('postgresql.conf',"include 'sslconfig.conf'");
211212

212213
# SSL configuration will be placed here
213214
openmy$sslconf,'>',"$pgdata/sslconfig.conf"ordie$!;
@@ -296,13 +297,12 @@ sub switch_server_cert
296297
my%params =@_;
297298
my$pgdata =$node->data_dir;
298299

299-
openmy$sslconf,'>',"$pgdata/sslconfig.conf"ordie$!;
300-
print$sslconf"ssl=on\n";
301-
print$sslconf$backend->set_server_cert(\%params);
302-
print$sslconf"ssl_passphrase_command='"
303-
.$params{passphrase_cmd} ."'\n"
300+
ok(unlink($node->data_dir .'/sslconfig.conf'));
301+
$node->append_conf('sslconfig.conf',"ssl=on");
302+
$node->append_conf('sslconfig.conf',$backend->set_server_cert(\%params));
303+
$node->append_conf('sslconfig.conf',
304+
"ssl_passphrase_command='".$params{passphrase_cmd} ."'")
304305
ifdefined$params{passphrase_cmd};
305-
close$sslconf;
306306

307307
returnif (defined($params{restart}) &&$params{restart}eq'no');
308308

@@ -321,35 +321,32 @@ sub _configure_hba_for_ssl
321321
# but seems best to keep it as narrow as possible for security reasons.
322322
#
323323
# When connecting to certdb, also check the client certificate.
324-
openmy$hba,'>',"$pgdata/pg_hba.conf"ordie$!;
325-
print$hba
326-
"# TYPE DATABASE USER ADDRESS METHOD OPTIONS\n";
327-
print$hba
328-
"hostssl trustdb md5testuser$servercidr md5\n";
329-
print$hba
330-
"hostssl trustdb all$servercidr$authmethod\n";
331-
print$hba
332-
"hostssl verifydb ssltestuser$servercidr$authmethod clientcert=verify-full\n";
333-
print$hba
334-
"hostssl verifydb anotheruser$servercidr$authmethod clientcert=verify-full\n";
335-
print$hba
336-
"hostssl verifydb yetanotheruser$servercidr$authmethod clientcert=verify-ca\n";
337-
print$hba
338-
"hostssl certdb all$servercidr cert\n";
339-
print$hba
340-
"hostssl certdb_dn all$servercidr cert clientname=DN map=dn\n",
341-
"hostssl certdb_dn_re all$servercidr cert clientname=DN map=dnre\n",
342-
"hostssl certdb_cn all$servercidr cert clientname=CN map=cn\n";
343-
close$hba;
324+
ok(unlink($node->data_dir .'/pg_hba.conf'));
325+
$node->append_conf(
326+
'pg_hba.conf',<<EOF
327+
# TYPE DATABASE USER ADDRESS METHOD OPTIONS
328+
hostssl trustdb md5testuser$servercidr md5
329+
hostssl trustdb all$servercidr$authmethod
330+
hostssl verifydb ssltestuser$servercidr$authmethod clientcert=verify-full
331+
hostssl verifydb anotheruser$servercidr$authmethod clientcert=verify-full
332+
hostssl verifydb yetanotheruser$servercidr$authmethod clientcert=verify-ca
333+
hostssl certdb all$servercidr cert
334+
hostssl certdb_dn all$servercidr cert clientname=DN map=dn
335+
hostssl certdb_dn_re all$servercidr cert clientname=DN map=dnre
336+
hostssl certdb_cn all$servercidr cert clientname=CN map=cn
337+
EOF
338+
);
344339

345340
# Also set the ident maps. Note: fields with commas must be quoted
346-
openmy$map,">","$pgdata/pg_ident.conf"ordie$!;
347-
print$map
348-
"# MAPNAME SYSTEM-USERNAME PG-USERNAME\n",
349-
"dn\"CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG\" ssltestuser\n",
350-
"dnre\"/^.*OU=Testing,.*\$\" ssltestuser\n",
351-
"cn ssltestuser-dn ssltestuser\n";
352-
341+
ok(unlink($node->data_dir .'/pg_ident.conf'));
342+
$node->append_conf(
343+
'pg_ident.conf',<<EOF
344+
# MAPNAME SYSTEM-USERNAME PG-USERNAME
345+
dn "CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG" ssltestuser
346+
dnre "/^.*OU=Testing,.*\$" ssltestuser
347+
cn ssltestuser-dn ssltestuser
348+
EOF
349+
);
353350
return;
354351
}
355352

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp