diff options
| author | Andrew Dunstan | 2022-12-19 10:58:08 +0000 |
|---|---|---|
| committer | Andrew Dunstan | 2022-12-20 15:02:49 +0000 |
| commit | f03bd5717eaf31569ca797a2f7d65608f88ac2a2 (patch) | |
| tree | d9012db64a24e59ae43c30f4df37dc8685901e82 | |
| parent | 8284cf5f746f84303eda34d213e89c8439a83a42 (diff) | |
Use existing SSL certs in LDAP tests instead of generating them
The SSL test suite has a bunch of pre-existing certificates, so it's
better simply to use what we already have than generate new certificates
each time the LDAP tests are run.
Discussion: https://postgr.es/m/[email protected]
| -rw-r--r-- | src/test/ldap/Makefile | 1 | ||||
| -rw-r--r-- | src/test/ldap/meson.build | 1 | ||||
| -rw-r--r-- | src/test/ldap/t/001_auth.pl | 19 | ||||
| -rw-r--r-- | src/test/ssl/README | 5 |
4 files changed, 13 insertions, 13 deletions
diff --git a/src/test/ldap/Makefile b/src/test/ldap/Makefile index b1e4a7be677..e5fa3d86104 100644 --- a/src/test/ldap/Makefile +++ b/src/test/ldap/Makefile @@ -14,7 +14,6 @@ top_builddir = ../../.. include $(top_builddir)/src/Makefile.global export with_ldap -export OPENSSL check: $(prove_check) diff --git a/src/test/ldap/meson.build b/src/test/ldap/meson.build index 6088d63bae8..90d88138e7b 100644 --- a/src/test/ldap/meson.build +++ b/src/test/ldap/meson.build @@ -10,7 +10,6 @@ tests += { ], 'env': { 'with_ldap': ldap.found() ? 'yes' : 'no', - 'OPENSSL': openssl.path(), }, }, } diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl index fd90832b755..0ea274c383e 100644 --- a/src/test/ldap/t/001_auth.pl +++ b/src/test/ldap/t/001_auth.pl @@ -3,6 +3,7 @@ use strict; use warnings; +use File::Copy; use PostgreSQL::Test::Utils; use PostgreSQL::Test::Cluster; use Test::More; @@ -113,17 +114,13 @@ append_to_file( mkdir $ldap_datadir or die; mkdir $slapd_certs or die; -my $openssl = $ENV{OPENSSL}; - -system_or_bail $openssl, "req", "-new", "-nodes", "-keyout", - "$slapd_certs/ca.key", "-x509", "-out", "$slapd_certs/ca.crt", "-subj", - "/CN=CA"; -system_or_bail $openssl, "req", "-new", "-nodes", "-keyout", - "$slapd_certs/server.key", "-out", "$slapd_certs/server.csr", "-subj", - "/CN=server"; -system_or_bail $openssl, "x509", "-req", "-in", "$slapd_certs/server.csr", - "-CA", "$slapd_certs/ca.crt", "-CAkey", "$slapd_certs/ca.key", - "-CAcreateserial", "-out", "$slapd_certs/server.crt"; +# use existing certs from nearby SSL test suite +copy "../ssl/ssl/server_ca.crt", "$slapd_certs/ca.crt" + || die "copying ca.crt: $!"; +copy "../ssl/ssl/server-cn-only.crt", "$slapd_certs/server.crt" + || die "copying server.crt: $!";; +copy "../ssl/ssl/server-cn-only.key", "$slapd_certs/server.key" + || die "copying server.key: $!";; system_or_bail $slapd, '-f', $slapd_conf, '-h', "$ldap_url $ldaps_url"; diff --git a/src/test/ssl/README b/src/test/ssl/README index 7e607006520..287b512dc2a 100644 --- a/src/test/ssl/README +++ b/src/test/ssl/README @@ -93,6 +93,11 @@ recreate them if you need to make changes. "make sslfiles-clean" is required in order to recreate the full set of keypairs and certificates. To rebuild separate files, touch (or remove) the files in question and run "make sslfiles". +Note +==== + +These certificates are also used in other tests, e.g. the LDAP tests. + TODO ==== |