@@ -197,17 +197,18 @@ sub configure_test_server_for_ssl
197197}
198198
199199# enable logging etc.
200- open my $conf ,' >>' ," $pgdata /postgresql.conf" or die $! ;
201- print $conf " fsync=off\n " ;
202- print $conf " log_connections=on\n " ;
203- print $conf " log_hostname=on\n " ;
204- print $conf " listen_addresses='$serverhost '\n " ;
205- print $conf " log_statement=all\n " ;
200+ $node -> append_conf(
201+ ' postgresql.conf' ,<<EOF
202+ fsync=off
203+ log_connections=on
204+ log_hostname=on
205+ listen_addresses='$serverhost '
206+ log_statement=all
207+ EOF
208+ );
206209
207210# enable SSL and set up server key
208- print $conf " include 'sslconfig.conf'\n " ;
209-
210- close $conf ;
211+ $node -> append_conf(' postgresql.conf' ," include 'sslconfig.conf'" );
211212
212213# SSL configuration will be placed here
213214open my $sslconf ,' >' ," $pgdata /sslconfig.conf" or die $! ;
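Review bot: The `open my $sslconf, '>', ...` left as context at new line 213 has no comment explaining why it stays a hand-written open when the rest of this commit moves to `append_conf`. The `include 'sslconfig.conf'` appended just above needs that file to exist, and switch_server_cert now asserts that `unlink` on the same path succeeds, so the open appears to be load-bearing. I would extend the existing comment to something like `# SSL configuration will be placed here; create the file now so the include resolves and switch_server_cert can remove it`. What happens to `$sslconf` after this line is outside the hunk, so confirm it is closed and left empty before adopting that wording.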
@@ -296,13 +297,12 @@ sub switch_server_cert
296297my %params =@_ ;
297298my $pgdata =$node -> data_dir;
298299
299- open my $sslconf , ' > ' , " $pgdata /sslconfig.conf" or die $! ;
300- print $sslconf " ssl=on\n " ;
301- print $sslconf $backend -> set_server_cert(\%params );
302- print $sslconf " ssl_passphrase_command=' "
303- .$params {passphrase_cmd } ." '\n "
300+ ok( unlink ( $node -> data_dir . ' /sslconfig.conf' )) ;
301+ $node -> append_conf( ' sslconfig.conf ' , " ssl=on" ) ;
302+ $node -> append_conf( ' sslconfig.conf ' , $backend -> set_server_cert(\%params ) );
303+ $node -> append_conf( ' sslconfig.conf ' ,
304+ " ssl_passphrase_command=' " .$params {passphrase_cmd } ." '" )
304305if defined $params {passphrase_cmd };
305- close $sslconf ;
306306
307307return if (defined ($params {restart }) &&$params {restart }eq ' no' );
308308
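Review bot: The new `ok(unlink(...))` at new line 300 registers an unnamed test assertion from inside a helper, so every call to switch_server_cert adds one result to the calling script's test count, and a failure reports neither the path nor `$!`. If a failed removal should abort the setup, `unlink("$pgdata/sslconfig.conf") or die "could not remove $pgdata/sslconfig.conf: $!";` says so directly and reuses the `$pgdata` assigned two lines above; if it is meant as a test, give `ok` a description. The same pattern appears twice in the _configure_hba_for_ssl hunk, for pg_hba.conf and pg_ident.conf. Separately, `$params{passphrase_cmd}` is still placed between single quotes unescaped at new line 304, so a value containing `'` would yield a malformed `ssl_passphrase_command` line; a comment stating that callers must pass a quote-free command would document that constraint. switch_server_cert begins and ends outside the hunk.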
@@ -321,35 +321,32 @@ sub _configure_hba_for_ssl
321321# but seems best to keep it as narrow as possible for security reasons.
322322#
323323# When connecting to certdb, also check the client certificate.
324- open my $hba ,' >' ," $pgdata /pg_hba.conf" or die $! ;
325- print $hba
326- " # TYPE DATABASE USER ADDRESS METHOD OPTIONS\n " ;
327- print $hba
328- " hostssl trustdb md5testuser$servercidr md5\n " ;
329- print $hba
330- " hostssl trustdb all$servercidr $authmethod \n " ;
331- print $hba
332- " hostssl verifydb ssltestuser$servercidr $authmethod clientcert=verify-full\n " ;
333- print $hba
334- " hostssl verifydb anotheruser$servercidr $authmethod clientcert=verify-full\n " ;
335- print $hba
336- " hostssl verifydb yetanotheruser$servercidr $authmethod clientcert=verify-ca\n " ;
337- print $hba
338- " hostssl certdb all$servercidr cert\n " ;
339- print $hba
340- " hostssl certdb_dn all$servercidr cert clientname=DN map=dn\n " ,
341- " hostssl certdb_dn_re all$servercidr cert clientname=DN map=dnre\n " ,
342- " hostssl certdb_cn all$servercidr cert clientname=CN map=cn\n " ;
343- close $hba ;
324+ ok(unlink ($node -> data_dir .' /pg_hba.conf' ));
325+ $node -> append_conf(
326+ ' pg_hba.conf' ,<<EOF
327+ # TYPE DATABASE USER ADDRESS METHOD OPTIONS
328+ hostssl trustdb md5testuser$servercidr md5
329+ hostssl trustdb all$servercidr $authmethod
330+ hostssl verifydb ssltestuser$servercidr $authmethod clientcert=verify-full
331+ hostssl verifydb anotheruser$servercidr $authmethod clientcert=verify-full
332+ hostssl verifydb yetanotheruser$servercidr $authmethod clientcert=verify-ca
333+ hostssl certdb all$servercidr cert
334+ hostssl certdb_dn all$servercidr cert clientname=DN map=dn
335+ hostssl certdb_dn_re all$servercidr cert clientname=DN map=dnre
336+ hostssl certdb_cn all$servercidr cert clientname=CN map=cn
337+ EOF
338+ );
344339
345340# Also set the ident maps. Note: fields with commas must be quoted
346- open my $map ," >" ," $pgdata /pg_ident.conf" or die $! ;
347- print $map
348- " # MAPNAME SYSTEM-USERNAME PG-USERNAME\n " ,
349- " dn\" CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG\" ssltestuser\n " ,
350- " dnre\" /^.*OU=Testing,.*\$\" ssltestuser\n " ,
351- " cn ssltestuser-dn ssltestuser\n " ;
352-
341+ ok(unlink ($node -> data_dir .' /pg_ident.conf' ));
342+ $node -> append_conf(
343+ ' pg_ident.conf' ,<<EOF
344+ # MAPNAME SYSTEM-USERNAME PG-USERNAME
345+ dn "CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG" ssltestuser
346+ dnre "/^.*OU=Testing,.*\$ " ssltestuser
347+ cn ssltestuser-dn ssltestuser
348+ EOF
349+ );
353350return ;
354351}
355352
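Review bot: The pg_ident.conf heredoc at new lines 343-348 uses the interpolating `<<EOF` form although its body contains no variables, which is the only reason the regex anchor has to be written as `\$`. With `<<'EOF'` the map line can carry a plain `$`, and a later edit that forgets the backslash can no longer have Perl interpolate the `$` together with the character after it and silently change the pattern the `dnre` map matches client DNs against. The pg_hba.conf heredoc above does need interpolation for `$servercidr` and `$authmethod`, so it should keep `<<EOF`. The start of _configure_hba_for_ssl is outside the hunk.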