Commitef7fa90

committed

Add tests for errors during SSL or GSSAPI handshake

These test that libpq correctly falls back to a plaintext connectionon handshake error, in the "prefer" modes.Reviewed-by: Michael PaquierDiscussion:https://www.postgresql.org/message-id/CAOYmi%2Bnwvu21mJ4DYKUa98HdfM_KZJi7B1MhyXtnsyOO-PB6Ww%40mail.gmail.com

1 parent20e0e7d commitef7fa90Copy full SHA for ef7fa90

File tree

+26

-0

lines changed

+26

-0

lines changed

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`#include"libpq/pqformat.h"`
`22`	`22`	`#include"miscadmin.h"`
`23`	`23`	`#include"pgstat.h"`
	`24`	`+#include"utils/injection_point.h"`
`24`	`25`	`#include"utils/memutils.h"`
`25`	`26`
`26`	`27`
`@@ -499,6 +500,8 @@ secure_open_gssapi(Port *port)`
`499`	`500`	`minor;`
`500`	`501`	`gss_cred_id_tdelegated_creds;`
`501`	`502`
	`503`	`+INJECTION_POINT("backend-gssapi-startup");`
	`504`	`+`
`502`	`505`	`/*`
`503`	`506`	`* Allocate subsidiary Port data for GSSAPI operations.`
`504`	`507`	`*/`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@`
`30`	`30`	`#include"libpq/libpq.h"`
`31`	`31`	`#include"miscadmin.h"`
`32`	`32`	`#include"tcop/tcopprot.h"`
	`33`	`+#include"utils/injection_point.h"`
`33`	`34`	`#include"utils/wait_event.h"`
`34`	`35`
`35`	`36`	`char*ssl_library;`
`@@ -129,6 +130,8 @@ secure_open_server(Port *port)`
`129`	`130`	`}`
`130`	`131`	`Assert(pq_buffer_remaining_data()==0);`
`131`	`132`
	`133`	`+INJECTION_POINT("backend-ssl-startup");`
	`134`	`+`
`132`	`135`	`r=be_tls_open_server(port);`
`133`	`136`
`134`	`137`	`if (port->raw_buf_remaining>0)`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -339,6 +339,16 @@ BEGIN`
`339`	`339`	`"user=testuser sslmode=prefer",`
`340`	`340`	`'connect, v2error -> fail');`
`341`	`341`	`$node->restart;`
	`342`	`+`
	`343`	`+$node->safe_psql(`
	`344`	`+'postgres',`
	`345`	`+"SELECT injection_points_attach('backend-ssl-startup', 'error');",`
	`346`	`+connstr=>"user=localuser host=$unixdir");`
	`347`	`+connect_test(`
	`348`	`+$node,`
	`349`	`+"user=testuser sslmode=prefer",`
	`350`	`+'connect, sslaccept, backenderror, reconnect, authok -> plain');`
	`351`	`+$node->restart;`
`342`	`352`	`}`
`343`	`353`
`344`	`354`	`# Disable SSL again`
`@@ -444,6 +454,16 @@ BEGIN`
`444`	`454`	`"user=testuser gssencmode=prefer sslmode=disable",`
`445`	`455`	`'connect, v2error -> fail');`
`446`	`456`	`$node->restart;`
	`457`	`+`
	`458`	`+$node->safe_psql(`
	`459`	`+'postgres',`
	`460`	`+"SELECT injection_points_attach('backend-gssapi-startup', 'error');",`
	`461`	`+connstr=>"user=localuser host=$unixdir");`
	`462`	`+connect_test(`
	`463`	`+$node,`
	`464`	`+"user=testuser gssencmode=prefer sslmode=disable",`
	`465`	`+'connect, gssaccept, backenderror, reconnect, authok -> plain');`
	`466`	`+$node->restart;`
`447`	`467`	`}`
`448`	`468`	`}`
`449`	`469`

Comments

(0)