Thread: SSL TAP test fails due to default client certs.

SSL TAP test fails due to default client certs.

From
Kyotaro Horiguchi
Date:
Hello.

While poking at ssl code, I noticed that 002_scram.pl fails if
~/.postgresql/root.crt exists.  This has been fixed once but
d6e612f837 reintroduced one. The attached fixes that. Applies to
14devel and 13.

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center
From a29eceb4732ecef0e74058e5f7032882df7cd325 Mon Sep 17 00:00:00 2001
From: Kyotaro Horiguchi <horikyoga.ntt@gmail.com>
Date: Mon, 3 Aug 2020 23:32:38 +0900
Subject: [PATCH] Avoid using foreign certificates in a ssl test.

To prevent default files from being used during tests, the connection
options sslcert, sslkey and sslrootcert should be explicitly
invalidated if not in-use. One of the tests forgets to do that and
fails from such alien certificates. Fix it.
---
 src/test/ssl/t/002_scram.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl
index 01231f8ba0..20ab0d5b0b 100644
--- a/src/test/ssl/t/002_scram.pl
+++ b/src/test/ssl/t/002_scram.pl
@@ -97,7 +97,7 @@ my $client_tmp_key = "ssl/client_scram_tmp.key";
 copy("ssl/client.key", $client_tmp_key);
 chmod 0600, $client_tmp_key;
 test_connect_fails(
-    "sslcert=ssl/client.crt sslkey=$client_tmp_key hostaddr=$SERVERHOSTADDR",
+    "sslcert=ssl/client.crt sslkey=$client_tmp_key sslrootcert=invalid hostaddr=$SERVERHOSTADDR",
     "dbname=certdb user=ssltestuser channel_binding=require",
     qr/channel binding required, but server authenticated client without channel binding/,
     "Cert authentication and channel_binding=require");
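Review bot: the sslrootcert=invalid added to the first argument of test_connect_fails has no comment explaining it, and the call still spells out its SSL options by hand. Per the commit message, an option left unset here lets a default file be used, so a one-line comment above the call (saying that sslrootcert points at a non-existent file so that ~/.postgresql/root.crt is never read) would keep a later edit from dropping it again. Building this string from a shared prefix that already invalidates the unused options would achieve the same without relying on the comment.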
-- 
2.18.4


Re: SSL TAP test fails due to default client certs.

From
Michael Paquier
Date:
On Tue, Aug 04, 2020 at 12:00:33PM +0900, Kyotaro Horiguchi wrote:
> While poking at ssl code, I noticed that 002_scram.pl fails if
> ~/.postgresql/root.crt exists.  This has been fixed once but
> d6e612f837 reintroduced one. The attached fixes that. Applies to
> 14devel and 13.

Indeed, applied.  I can reproduce the failure easily, and bdd6e9b is
the previous fix you are mentioning.  It is the only test where we
don't rely on an $common_connstr that sets sslcert and sslrootcert to
an invalid value, so the rest looks fine.
--
Michael
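
An added example, not part of the thread or of the PostgreSQL test suite: a small Python check that parses the connection strings a test passes and reports which of sslcert, sslkey and sslrootcert are left for libpq to resolve from per-user default files. The helper names and the literal 127.0.0.1 are assumptions; the sample strings are the ones from the patched call with the Perl variables substituted.

```python
import re

# Per-user files libpq falls back to when an option is unset or empty.
# ~/.postgresql/root.crt is the one named in the thread; the other two
# are the documented libpq defaults for sslcert and sslkey.
DEFAULT_FILES = {
    "sslcert": "~/.postgresql/postgresql.crt",
    "sslkey": "~/.postgresql/postgresql.key",
    "sslrootcert": "~/.postgresql/root.crt",
}

# keyword = value; value is bare or single-quoted with backslash escapes.
_PAIR = re.compile(r"\s*(\w+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|(\S*))")


def parse_conninfo(conninfo):
    """Parse a libpq keyword/value connection string into a dict."""
    params, pos = {}, 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if m is None:
            raise ValueError(f"bad conninfo near {conninfo[pos:]!r}")
        key, quoted, bare = m.groups()
        params[key] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        pos = m.end()
    return params


def implicit_ssl_files(*conninfo_parts):
    """Map each SSL file option left to libpq's default to the file it would read."""
    params = {}
    for part in conninfo_parts:  # the test passes the string in two pieces
        params.update(parse_conninfo(part))
    return {opt: path for opt, path in DEFAULT_FILES.items() if not params.get(opt)}


# Constructed sample input: the two strings from the patched call, with the
# Perl variables replaced by literal values (127.0.0.1 is an assumption).
COMMON = "dbname=certdb user=ssltestuser channel_binding=require"
BEFORE = "sslcert=ssl/client.crt sslkey=ssl/client_scram_tmp.key hostaddr=127.0.0.1"
AFTER = BEFORE.replace("hostaddr", "sslrootcert=invalid hostaddr")

if __name__ == "__main__":
    for label, conn in (("before", BEFORE), ("after", AFTER)):
        print(label, implicit_ssl_files(conn, COMMON))
```

An empty result means every SSL file option is pinned by the test itself, so nothing under the developer's home directory can change the outcome.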

Re: SSL TAP test fails due to default client certs.

From
Kyotaro Horiguchi
Date:
At Tue, 4 Aug 2020 14:43:58 +0900, Michael Paquier <michael@paquier.xyz> wrote in 
> On Tue, Aug 04, 2020 at 12:00:33PM +0900, Kyotaro Horiguchi wrote:
> > While poking at ssl code, I noticed that 002_scram.pl fails if
> > ~/.postgresql/root.crt exists.  This has been fixed once but
> > d6e612f837 reintroduced one. The attached fixes that. Applies to
> > 14devel and 13.
> 
> Indeed, applied.  I can reproduce the failure easily, and bdd6e9b is
> the previous fix you are mentioning.  It is the only test where we
> don't rely on an $common_connstr that sets sslcert and sslrootcert to
> an invalid value, so the rest looks fine.

Agreed. Thanks for committing!

-- 
Kyotaro Horiguchi
NTT Open Source Software Center