From 023d81df78a3961258344d00c1e21e62792f55dc Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Wed, 19 May 2021 14:49:20 +0200 Subject: [PATCH 1/2] Extend configure_test_server_for_ssl to add extensions In order to be able to test extensions with SSL connections, allow configure_test_server_for_ssl to create any extensions passed as comma separated list. Each extension is created in all the test databases which may or may not be useful. --- src/test/ssl/t/002_scram.pl | 2 +- src/test/ssl/t/SSLServer.pm | 29 ++++++++++++++++++++++------- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index 9143fa515f..d8cd8a9976 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -49,7 +49,7 @@ $node->start; # Configure server for SSL connections, with password handling. configure_test_server_for_ssl($node, $SERVERHOSTADDR, $SERVERHOSTCIDR, - "scram-sha-256", "pass", "scram-sha-256"); + "scram-sha-256", 'password' => "pass", 'password_enc' => "scram-sha-256"); switch_server_cert($node, 'server-cn-only'); $ENV{PGPASSWORD} = "pass"; $common_connstr = diff --git a/src/test/ssl/t/SSLServer.pm b/src/test/ssl/t/SSLServer.pm index 804d008245..71cd6882b7 100644 --- a/src/test/ssl/t/SSLServer.pm +++ b/src/test/ssl/t/SSLServer.pm @@ -62,9 +62,7 @@ sub copy_files # servercidr: what to put in pg_hba.conf, e.g. '127.0.0.1/32' sub configure_test_server_for_ssl { - my ($node, $serverhost, $servercidr, $authmethod, $password, - $password_enc) = @_; - + my ($node, $serverhost, $servercidr, $authmethod, %params) = @_; my $pgdata = $node->data_dir; # Create test users and databases @@ -80,20 +78,37 @@ sub configure_test_server_for_ssl $node->psql('postgres', "CREATE DATABASE verifydb"); # Update password of each user as needed. - if (defined($password)) + if (defined($params{password})) { + die "Password encoding must be specified when password is set" + unless defined($params{password_enc}); + $node->psql('postgres', - "SET password_encryption='$password_enc'; ALTER USER ssltestuser PASSWORD '$password';" + "SET password_encryption='$params{password_enc}'; ALTER USER ssltestuser PASSWORD '$params{password}';" ); # A special user that always has an md5-encrypted password $node->psql('postgres', - "SET password_encryption='md5'; ALTER USER md5testuser PASSWORD '$password';" + "SET password_encryption='md5'; ALTER USER md5testuser PASSWORD '$params{password}';" ); $node->psql('postgres', - "SET password_encryption='$password_enc'; ALTER USER anotheruser PASSWORD '$password';" + "SET password_encryption='$params{password_enc}'; ALTER USER anotheruser PASSWORD '$params{password}';" ); } + # Create any extensions requested in the setup + if (defined($params{extensions})) + { + for my $extension (split(/,/,$params{extensions})) + { + $node->psql('trustdb', "CREATE EXTENSION $extension;"); + $node->psql('certdb', "CREATE EXTENSION $extension;"); + $node->psql('certdb_dn', "CREATE EXTENSION $extension;"); + $node->psql('certdb_dn_re', "CREATE EXTENSION $extension;"); + $node->psql('certdb_cn', "CREATE EXTENSION $extension;"); + $node->psql('verifydb', "CREATE EXTENSION $extension;"); + } + } + # enable logging etc. open my $conf, '>>', "$pgdata/postgresql.conf"; print $conf "fsync=off\n"; -- 2.30.1 (Apple Git-130)