Re: Avoid generating SSL certs for LDAP tests

2022-12-20 Thread Andrew Dunstan


On 2022-12-19 Mo 11:04, Andrew Dunstan wrote:
> On 2022-12-19 Mo 10:25, Tom Lane wrote:
>> Andrew Dunstan  writes:
>>> We don't generate SSL certificates for running the SSL tests, but
>>> instead use pregenerated certificates that are part of our source code.
>>> This patch applies the same policy to the LDAP tests, and in fact simply
>>> reuses certificates from the SSL test suite by copying them. It won't
>>> save much but it should save a handful of cycles at run time.
>> +1, but should there be a comment somewhere under test/ssl pointing
>> out this external use of the certs?
>
> OK, I'll find a place to mention that.


Done.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com





Re: Avoid generating SSL certs for LDAP tests

2022-12-19 Thread Andrew Dunstan


On 2022-12-19 Mo 10:25, Tom Lane wrote:
> Andrew Dunstan  writes:
>> We don't generate SSL certificates for running the SSL tests, but
>> instead use pregenerated certificates that are part of our source code.
>> This patch applies the same policy to the LDAP tests, and in fact simply
>> reuses certificates from the SSL test suite by copying them. It won't
>> save much but it should save a handful of cycles at run time.
> +1, but should there be a comment somewhere under test/ssl pointing
> out this external use of the certs?


OK, I'll find a place to mention that.


> Also, I bet this needs some adjustment for VPATH builds.  


I have tested it with both a make style vpath build and with meson - it
works fine.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com





Re: Avoid generating SSL certs for LDAP tests

2022-12-19 Thread Tom Lane
Andrew Dunstan  writes:
> We don't generate SSL certificates for running the SSL tests, but
> instead use pregenerated certificates that are part of our source code.
> This patch applies the same policy to the LDAP tests, and in fact simply
> reuses certificates from the SSL test suite by copying them. It won't
> save much but it should save a handful of cycles at run time.

+1, but should there be a comment somewhere under test/ssl pointing
out this external use of the certs?

Also, I bet this needs some adjustment for VPATH builds.

regards, tom lane




Avoid generating SSL certs for LDAP tests

2022-12-19 Thread Andrew Dunstan
We don't generate SSL certificates for running the SSL tests, but
instead use pregenerated certificates that are part of our source code.
This patch applies the same policy to the LDAP tests, and in fact simply
reuses certificates from the SSL test suite by copying them. It won't
save much but it should save a handful of cycles at run time.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com
From 5a58ef37a20cd229a74ffa4b9b5d52a47a38f020 Mon Sep 17 00:00:00 2001
From: Andrew Dunstan 
Date: Mon, 19 Dec 2022 05:58:08 -0500
Subject: [PATCH] Use existing SSL certs in LDAP tests instead of generating
 them

The SSL test suite has a bunch of pre-existing certificates, so it's
better simply to use what we already have than generate new certificates
each time the LDAP tests are run.
---
 src/test/ldap/Makefile  |  1 -
 src/test/ldap/meson.build   |  1 -
 src/test/ldap/t/001_auth.pl | 19 ---
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/src/test/ldap/Makefile b/src/test/ldap/Makefile
index b1e4a7be67..e5fa3d8610 100644
--- a/src/test/ldap/Makefile
+++ b/src/test/ldap/Makefile
@@ -14,7 +14,6 @@ top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
 export with_ldap
-export OPENSSL
 
 check:
 	$(prove_check)
diff --git a/src/test/ldap/meson.build b/src/test/ldap/meson.build
index 020f6e7f08..8577385ee5 100644
--- a/src/test/ldap/meson.build
+++ b/src/test/ldap/meson.build
@@ -8,7 +8,6 @@ tests += {
 ],
 'env': {
   'with_ldap': ldap.found() ? 'yes' : 'no',
-  'OPENSSL': openssl.path(),
 },
   },
 }
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl
index fd90832b75..0ea274c383 100644
--- a/src/test/ldap/t/001_auth.pl
+++ b/src/test/ldap/t/001_auth.pl
@@ -3,6 +3,7 @@
 
 use strict;
 use warnings;
+use File::Copy;
 use PostgreSQL::Test::Utils;
 use PostgreSQL::Test::Cluster;
 use Test::More;
@@ -113,17 +114,13 @@ append_to_file(
 mkdir $ldap_datadir or die;
 mkdir $slapd_certs  or die;
 
-my $openssl = $ENV{OPENSSL};
-
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
-  "$slapd_certs/ca.key", "-x509", "-out", "$slapd_certs/ca.crt", "-subj",
-  "/CN=CA";
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
-  "$slapd_certs/server.key", "-out", "$slapd_certs/server.csr", "-subj",
-  "/CN=server";
-system_or_bail $openssl, "x509", "-req", "-in", "$slapd_certs/server.csr",
-  "-CA", "$slapd_certs/ca.crt", "-CAkey", "$slapd_certs/ca.key",
-  "-CAcreateserial", "-out", "$slapd_certs/server.crt";
+# use existing certs from nearby SSL test suite
+copy "../ssl/ssl/server_ca.crt", "$slapd_certs/ca.crt"
+  || die "copying ca.crt: $!";
+copy "../ssl/ssl/server-cn-only.crt", "$slapd_certs/server.crt"
+  || die "copying server.crt: $!";;
+copy "../ssl/ssl/server-cn-only.key", "$slapd_certs/server.key"
+  || die "copying server.key: $!";;
 
 system_or_bail $slapd, '-f', $slapd_conf, '-h', "$ldap_url $ldaps_url";
 
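Review bot: In the three added `copy ..., ... || die ...` statements the `die` can never fire. `||` binds more tightly than the unparenthesized `copy` list operator, so each statement parses as `copy(SRC, (DEST || die ...))`, and the non-empty destination string is always true. A failed copy, for example because the relative `../ssl/ssl/` path does not resolve from the test's working directory, is silently ignored and would show up only later, if at all, as a failure in slapd or the LDAPS tests. Use the low-precedence form `or die "copying ca.crt: $!"`, or parenthesize the call as `copy(...) || die ...`. The doubled `;;` on the server.crt and server.key lines should be a single `;`. Separately, the `# use existing certs from nearby SSL test suite` comment is the only visible record of this dependency: the diffstat touches only src/test/ldap, so the note under test/ssl asked for in the thread is not in this version of the patch.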
-- 
2.34.1