
Commit 79eada4

danielgustafssonpull[bot]
authored andcommitted
Use library functions to edit config in SSL tests
The SSL tests were editing the postgres configuration by directly reading and writing the files rather than using append_conf() from the testcode library. Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Discussion: https://postgr.es/m/01F4684C-8C98-4BBE-AB83-AC8D7C746AF8@yesql.se
1 parent 54e7c2e commit 79eada4

1 file changed

+39
-42
lines changed

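--- a/src/test/ssl/t/SSL/Server.pm
+++ b/src/test/ssl/t/SSL/Server.pm
@@ -197,17 +197,18 @@ sub configure_test_server_for_ssl
 }
 
 # enable logging etc.
-open my $conf, '>>', "$pgdata/postgresql.conf" or die $!;
-print $conf "fsync=off\n";
-print $conf "log_connections=on\n";
-print $conf "log_hostname=on\n";
-print $conf "listen_addresses='$serverhost'\n";
-print $conf "log_statement=all\n";
+$node->append_conf(
+'postgresql.conf', <<EOF
+fsync=off
+log_connections=on
+log_hostname=on
+listen_addresses='$serverhost'
+log_statement=all
+EOF
+);
 
 # enable SSL and set up server key
-print $conf "include 'sslconfig.conf'\n";
-
-close $conf;
+$node->append_conf('postgresql.conf', "include 'sslconfig.conf'");
 
 # SSL configuration will be placed here
 open my $sslconf, '>', "$pgdata/sslconfig.conf" or die $!;
@@ -296,13 +297,12 @@ sub switch_server_cert
 my %params = @_;
 my $pgdata = $node->data_dir;
 
-open my $sslconf, '>', "$pgdata/sslconfig.conf" or die $!;
-print $sslconf "ssl=on\n";
-print $sslconf $backend->set_server_cert(\%params);
-print $sslconf "ssl_passphrase_command='"
-. $params{passphrase_cmd} . "'\n"
+ok(unlink($node->data_dir . '/sslconfig.conf'));
+$node->append_conf('sslconfig.conf', "ssl=on");
+$node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
+$node->append_conf('sslconfig.conf',
+"ssl_passphrase_command='" . $params{passphrase_cmd} . "'")
 if defined $params{passphrase_cmd};
-close $sslconf;
 
 return if (defined($params{restart}) && $params{restart} eq 'no');
 
@@ -321,35 +321,32 @@ sub _configure_hba_for_ssl
 # but seems best to keep it as narrow as possible for security reasons.
 #
 # When connecting to certdb, also check the client certificate.
-open my $hba, '>', "$pgdata/pg_hba.conf" or die $!;
-print $hba
-"# TYPE DATABASE USER ADDRESS METHOD OPTIONS\n";
-print $hba
-"hostssl trustdb md5testuser $servercidr md5\n";
-print $hba
-"hostssl trustdb all $servercidr $authmethod\n";
-print $hba
-"hostssl verifydb ssltestuser $servercidr $authmethod clientcert=verify-full\n";
-print $hba
-"hostssl verifydb anotheruser $servercidr $authmethod clientcert=verify-full\n";
-print $hba
-"hostssl verifydb yetanotheruser $servercidr $authmethod clientcert=verify-ca\n";
-print $hba
-"hostssl certdb all $servercidr cert\n";
-print $hba
-"hostssl certdb_dn all $servercidr cert clientname=DN map=dn\n",
-"hostssl certdb_dn_re all $servercidr cert clientname=DN map=dnre\n",
-"hostssl certdb_cn all $servercidr cert clientname=CN map=cn\n";
-close $hba;
+ok(unlink($node->data_dir . '/pg_hba.conf'));
+$node->append_conf(
+'pg_hba.conf', <<EOF
+# TYPE DATABASE USER ADDRESS METHOD OPTIONS
+hostssl trustdb md5testuser $servercidr md5
+hostssl trustdb all $servercidr $authmethod
+hostssl verifydb ssltestuser $servercidr $authmethod clientcert=verify-full
+hostssl verifydb anotheruser $servercidr $authmethod clientcert=verify-full
+hostssl verifydb yetanotheruser $servercidr $authmethod clientcert=verify-ca
+hostssl certdb all $servercidr cert
+hostssl certdb_dn all $servercidr cert clientname=DN map=dn
+hostssl certdb_dn_re all $servercidr cert clientname=DN map=dnre
+hostssl certdb_cn all $servercidr cert clientname=CN map=cn
+EOF
+);
 
 # Also set the ident maps. Note: fields with commas must be quoted
-open my $map, ">", "$pgdata/pg_ident.conf" or die $!;
-print $map
-"# MAPNAME SYSTEM-USERNAME PG-USERNAME\n",
-"dn \"CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG\" ssltestuser\n",
-"dnre \"/^.*OU=Testing,.*\$\" ssltestuser\n",
-"cn ssltestuser-dn ssltestuser\n";
-
+ok(unlink($node->data_dir . '/pg_ident.conf'));
+$node->append_conf(
+'pg_ident.conf', <<EOF
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+dn "CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG" ssltestuser
+dnre "/^.*OU=Testing,.*\$" ssltestuser
+cn ssltestuser-dn ssltestuser
+EOF
+);
 return;
 }
 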
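Review bot: In `_configure_hba_for_ssl` (and with the same pattern in `switch_server_cert`), `ok(unlink(...))` only records a failed check when the old file cannot be removed and execution continues, so `append_conf` would presumably append the new records to the existing `pg_hba.conf` instead of replacing it. Because pg_hba.conf is matched first-record-wins, any records left from the previous file would take precedence, and the SSL tests could then run against a different authentication policy than the one written here; the removed `open ... '>' ... or die $!` either truncated the file or aborted. I would make the removal fatal and report the cause, e.g. `unlink($node->data_dir . '/pg_hba.conf') or die "could not remove pg_hba.conf: $!";`, and likewise for `pg_ident.conf` and `sslconfig.conf`. If `ok()` is kept, give it a test name, since a bare `ok` inside a library routine adds an unnamed check to every calling test script. Both functions begin and end outside the visible hunks, so this is based only on the lines shown.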
