# This changes to using keys stored in a temporary path for the rest of
# the tests. To get the full path for inclusion in connection strings, the
# %key hash can be interrogated.
+my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
my %key;
my @keys = (
"client.key", "client-revoked.key",
"client-encrypted-der.key", "client-dn.key");
foreach my $keyfile (@keys)
{
- copy("ssl/${keyfile}", "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}")
+ copy("ssl/$keyfile", "$cert_tempdir/$keyfile")
or die
- "couldn't copy ssl/${keyfile} to ${PostgreSQL::Test::Utils::tmp_check}/${keyfile} for permissions change: $!";
- chmod 0600, "${PostgreSQL::Test::Utils::tmp_check}/${keyfile}"
- or die "failed to change permissions on ${PostgreSQL::Test::Utils::tmp_check}/${keyfile}: $!";
-
- $key{$keyfile} = "${PostgreSQL::Test::Utils::tmp_check}/$keyfile";
+ "couldn't copy ssl/$keyfile to $cert_tempdir/$keyfile for permissions change: $!";
+ chmod 0600, "$cert_tempdir/$keyfile"
+ or die "failed to change permissions on $cert_tempdir/$keyfile: $!";
+ $key{$keyfile} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/$keyfile");
}
# Also make a copy of that explicitly world-readable. We can't
# necessarily rely on the file in the source tree having those
# permissions.
-copy("ssl/client.key", "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key");
-chmod 0644, "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key";
-$key{'client_wrongperms.key'} = "${PostgreSQL::Test::Utils::tmp_check}/client_wrongperms.key";
+copy("ssl/client.key", "$cert_tempdir/client_wrongperms.key")
+ or die
+ "couldn't copy ssl/client_key to $cert_tempdir/client_wrongperms.key for permission change: $!";
+chmod 0644, "$cert_tempdir/client_wrongperms.key"
+ or die "failed to change permissions on $cert_tempdir/client_wrongperms.key: $!";
+$key{'client_wrongperms.key'} = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_wrongperms.key");
#### Set up the server.
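Review bot: The die message added for the client_wrongperms.key copy names `ssl/client_key`, but the file actually copied is `ssl/client.key`, so a failure here would report a source path that is not the one in use. The same slip appears in the message for the client_scram.key copy in the SCRAM test hunk. The string should read `"couldn't copy ssl/client.key to $cert_tempdir/client_wrongperms.key for permission change: $!";`. This message is the only diagnostic when key setup fails, and the messages inside the key loop above already name the source file correctly.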
# because channel binding is not performed. Note that ssl/client.key may
# be used in a different test, so the name of this temporary client key
# is chosen here to be unique.
-my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_scram.key";
-copy("ssl/client.key", $client_tmp_key);
-chmod 0600, $client_tmp_key;
+my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
+my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_scram.key");
+copy("ssl/client.key", "$cert_tempdir/client_scram.key")
+ or die
+ "couldn't copy ssl/client_key to $cert_tempdir/client_scram.key for permission change: $!";
+chmod 0600, "$cert_tempdir/client_scram.key"
+ or die "failed to change permissions on $cert_tempdir/client_scram.key: $!";
$node->connect_fails(
"sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR dbname=certdb user=ssltestuser channel_binding=require",
"Cert authentication and channel_binding=require",
# The client's private key must not be world-readable, so take a copy
# of the key stored in the code tree and update its permissions.
-my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key";
-copy("ssl/client_ext.key", $client_tmp_key)
- or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!";
-chmod 0600, $client_tmp_key
- or die "failed to change permissions on $client_tmp_key: $!";
+my $cert_tempdir = PostgreSQL::Test::Utils::tempdir();
+my $client_tmp_key = PostgreSQL::Test::Utils::perl2host("$cert_tempdir/client_ext.key");
+copy("ssl/client_ext.key", "$cert_tempdir/client_ext.key")
+ or die
+ "couldn't copy ssl/client_ext.key to $cert_tempdir/client_ext.key for permissions change: $!";
+chmod 0600, "$cert_tempdir/client_ext.key"
+ or die "failed to change permissions on $cert_tempdir/client_ext.key: $!";
#### Set up the server.
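Review bot: Nothing in the added lines explains why `$client_tmp_key` goes through `perl2host` while `copy` and `chmod` receive the unconverted `"$cert_tempdir/client_ext.key"`, and that path literal is now written out four times. The client_scram.key lines in the SCRAM test hunk have the same shape. I would name the Perl-side path once, `my $client_tmp_key_path = "$cert_tempdir/client_ext.key";`, use it in `copy`, `chmod` and both messages, and add a comment such as `# perl2host form is for the libpq connection string; file operations use the Perl-side path`. That reading of perl2host is inferred from how the two forms are used here, so confirm it against the helper's documentation before adopting the comment.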