summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e04a53a)
raw | patch | inline | side by side (parent: e04a53a)
| author | Andrew Dunstan <andrew@dunslane.net> | |
| Sun, 29 Sep 2019 21:32:46 +0000 (17:32 -0400) | ||
| committer | Andrew Dunstan <andrew@dunslane.net> | |
| Sun, 29 Sep 2019 21:48:37 +0000 (17:48 -0400) |
Windows does not enforce key file permissions checks in libpq, and psql
can produce CRLF line endings on Windows.
Backpatch to Release 12 (CRLF) and Release 11 (permissions check)
can produce CRLF line endings on Windows.
Backpatch to Release 12 (CRLF) and Release 11 (permissions check)
| src/test/ssl/t/001_ssltests.pl | patch | blob | blame | history |
index 3a02a7a654a49804a81a6eea11d45ab2157a751d..67a3a28db6a1d997cf8dbddb17d5b82bd25264af 100644 (file)
"$common_connstr sslrootcert=invalid", '-c',
"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
],
- qr{^pid,ssl,version,cipher,bits,compression,client_dn,client_serial,issuer_dn\n
- ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,_null_,_null_,_null_$}mx,
+ qr{^pid,ssl,version,cipher,bits,compression,client_dn,client_serial,issuer_dn\r?\n
+ ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,_null_,_null_,_null_\r?$}mx,
'pg_stat_ssl view without client certificate');
### Server-side tests.
'-c',
"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
],
- qr{^pid,ssl,version,cipher,bits,compression,client_dn,client_serial,issuer_dn\n
- ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,/CN=ssltestuser,1,\Q/CN=Test CA for PostgreSQL SSL regression test client certs\E$}mx,
+ qr{^pid,ssl,version,cipher,bits,compression,client_dn,client_serial,issuer_dn\r?\n
+ ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,/CN=ssltestuser,1,\Q/CN=Test CA for PostgreSQL SSL regression test client certs\E\r?$}mx,
'pg_stat_ssl with client certificate');
# client key with wrong permissions
-test_connect_fails(
- $common_connstr,
- "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_wrongperms_tmp.key",
- qr!\Qprivate key file "ssl/client_wrongperms_tmp.key" has group or world access\E!,
- "certificate authorization fails because of file permissions");
+SKIP:
+{
+ skip "Permissions check not enforced on Windows", 2 if ($windows_os);
+
+ test_connect_fails(
+ $common_connstr,
+ "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_wrongperms_tmp.key",
+ qr!\Qprivate key file "ssl/client_wrongperms_tmp.key" has group or world access\E!,
+ "certificate authorization fails because of file permissions");
+}
# client cert belonging to another user
test_connect_fails(