Make SSL tests more robust

petere · petere · commit bdd6e9ba1717 · 2019-01-29T13:04:35.000+01:00
Someone running these test could have key or certificate files in their ~/.postgresql/, which would interfere with the tests. The way to override that is to specify sslcert=invalid and/or sslrootcert=invalid if no actual certificate is used for a particular test. Document that and fix up one test that had a risk of failing in these circumstances. Discussion: https://www.postgresql.org/message-id/flat/398754d8-6bb5-c5cf-e7b8-22e5f0983caf@2ndquadrant.com/
diff --git a/src/test/ssl/ServerSetup.pm b/src/test/ssl/ServerSetup.pm
@@ -14,6 +14,16 @@
 # The server is configured to only accept connections from localhost. If you
 # want to run the client from another host, you'll have to configure that
 # manually.
+#
+# Note: Someone running these test could have key or certificate files
+# in their ~/.postgresql/, which would interfere with the tests.  The
+# way to override that is to specify sslcert=invalid and/or
+# sslrootcert=invalid if no actual certificate is used for a
+# particular test.  libpq will ignore specifications that name
+# nonexisting files.  (sslkey and sslcrl do not need to specified
+# explicitly because an invalid sslcert or sslrootcert, respectively,
+# causes those to be ignored.)
+
 package ServerSetup;
 
 use strict;
diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl
@@ -39,7 +39,7 @@
 switch_server_cert($node, 'server-cn-only');
 $ENV{PGPASSWORD} = "pass";
 $common_connstr =
-  "user=ssltestuser dbname=trustdb sslmode=require hostaddr=$SERVERHOSTADDR";
+  "user=ssltestuser dbname=trustdb sslmode=require sslcert=invalid sslrootcert=invalid hostaddr=$SERVERHOSTADDR";
 
 # Default settings
 test_connect_ok($common_connstr, '',
