| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2025-11-26 14:24:34 +0100 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2025-11-26 14:24:34 +0100 |
| commit | 348020caa7beaa2e4b1bc10b1ea6eb2c97b894c0 (patch) | |
| tree | f56ccd962335421ad4fd915349bc53efd047b2ed /src/test/ssl/t/SSL/Server.pm | |
| parent | b3fe098d330ff6a7c23019d66a600072b1d4664d (diff) | |
ssl: Add connection and reload tests for key passphrases
ssl_passphrase_command_supports_reload was not covered by the SSL
testsuite, and connection tests after unlocking secrets with the
passphrase were also missing. This adds test coverage for reloads
of passphrase commands as well as connection attempts which test
the different codepaths for Windows and non-EXEC_BACKEND builds.
Author: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Chao Li <li.evan.chao@gmail.com>
Reviewed-by: Álvaro Herrera <alvherre@kurilemu.de>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Discussion: https://postgr.es/m/5F301096-921A-427D-8EC1-EBAEC2A35082@yesql.se
Diffstat (limited to 'src/test/ssl/t/SSL/Server.pm')
| -rw-r--r-- | src/test/ssl/t/SSL/Server.pm | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/test/ssl/t/SSL/Server.pm b/src/test/ssl/t/SSL/Server.pm index efbd0dafaf6..a0a786c2ef2 100644 --- a/src/test/ssl/t/SSL/Server.pm +++ b/src/test/ssl/t/SSL/Server.pm @@ -296,6 +296,11 @@ The CRL directory to use. Implementation is SSL backend specific. The passphrase command to use. If not set, an empty passphrase command will be set. +=item passphrase_cmd_reload => B<value> + +Whether or not to allow passphrase command reloading. If set the passphrase +command reload configuration setting will be set to the value. + =item restart => B<value> If set to 'no', the server won't be restarted after updating the settings. @@ -315,7 +320,7 @@ sub switch_server_cert my $pgdata = $node->data_dir; ok(unlink($node->data_dir . '/sslconfig.conf')); - $node->append_conf('sslconfig.conf', "ssl=on"); + $node->append_conf('sslconfig.conf', 'ssl=on'); $node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params)); # use lists of ECDH curves and cipher suites for syntax testing $node->append_conf('sslconfig.conf', @@ -324,9 +329,14 @@ sub switch_server_cert 'ssl_tls13_ciphers=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256'); $node->append_conf('sslconfig.conf', - "ssl_passphrase_command='" . $params{passphrase_cmd} . "'") + 'ssl_passphrase_command=\'' . $params{passphrase_cmd} . '\'') if defined $params{passphrase_cmd}; + $node->append_conf('sslconfig.conf', + 'ssl_passphrase_command_supports_reload=\'' + . $params{passphrase_cmd_reload} . '\'') + if defined $params{passphrase_cmd_reload}; + return if (defined($params{restart}) && $params{restart} eq 'no'); $node->restart; |
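Review bot: In the third hunk, both `append_conf` calls paste the caller's value between single quotes without escaping it, so a `passphrase_cmd` that itself contains a single quote (common when a shell command quotes its arguments) produces a malformed `sslconfig.conf` line, and the failure only surfaces at restart or reload. postgresql.conf accepts a doubled quote inside a quoted value, so the value could be escaped first, e.g. `(my $cmd = $params{passphrase_cmd}) =~ s/'/''/g;`, and `$cmd` concatenated instead. For `passphrase_cmd_reload` it may be simpler to accept only `on`/`off` and fail the test early on anything else; the POD added in the first hunk could then name those values. `switch_server_cert` begins and ends outside the hunk, so callers may already constrain these values.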
