diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2025-10-17 14:21:26 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2025-10-17 14:21:26 +0200 |
| commit | 7d129ba54e7425baf43aa518d417ba3e4e94a443 (patch) | |
| tree | d643dc4b515cac6ab361df6f2b237ec272cdb7f1 /src | |
| parent | e1a912c86d5205371b043772aa89908f2452cbf0 (diff) | |
Avoid warnings in tests when openssl binary isn't available
The SSL tests for pg_stat_ssl tries to exactly match the serial
from the certificate by extracting it with the openssl binary.
If that fails due to the binary not being available, a fallback
match is used, but the attempt to execute a missing binary adds
a warning to the output which can confuse readers for a failure
in the test. Fix by only attempting if the openssl binary was
found by autoconf/meson.
Backpatch down to v16 where commit c8e4030d1bdd made the test
use the OPENSSL variable from autoconf/meson instead of a hard-
coded value.
Author: Daniel Gustafsson <daniel@yesql.se>
Reported-by: Christoph Berg <myon@debian.org>
Discussion: https://postgr.es/m/aNPSp1-RIAs3skZm@msg.df7cb.de
Backpatch-through: 16
Diffstat (limited to 'src')
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 42 |
1 files changed, 19 insertions, 23 deletions
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index b2eb18d3e81..eaee88d027e 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -748,33 +748,29 @@ TODO: # pg_stat_ssl -my $serialno = `$ENV{OPENSSL} x509 -serial -noout -in ssl/client.crt`; -if ($? == 0) -{ - # OpenSSL prints serial numbers in hexadecimal and converting the serial - # from hex requires a 64-bit capable Perl as the serialnumber is based on - # the current timestamp. On 32-bit fall back to checking for it being an - # integer like how we do when grabbing the serial fails. - if ($Config{ivsize} == 8) - { - no warnings qw(portable); +# If the openssl program isn't available, or fails to run, fall back to a +# generic integer match rather than skipping the test. +my $serialno = '\d+'; - $serialno =~ s/^serial=//; - $serialno =~ s/\s+//g; - $serialno = hex($serialno); - } - else +if ($ENV{OPENSSL} ne '') +{ + $serialno = `$ENV{OPENSSL} x509 -serial -noout -in ssl/client.crt`; + if ($? == 0) { - $serialno = '\d+'; + # OpenSSL prints serial numbers in hexadecimal and converting the serial + # from hex requires a 64-bit capable Perl as the serialnumber is based on + # the current timestamp. On 32-bit fall back to checking for it being an + # integer like how we do when grabbing the serial fails. + if ($Config{ivsize} == 8) + { + no warnings qw(portable); + + $serialno =~ s/^serial=//; + $serialno =~ s/\s+//g; + $serialno = hex($serialno); + } } } -else -{ - # OpenSSL isn't functioning on the user's PATH. This probably isn't worth - # skipping the test over, so just fall back to a generic integer match. - warn "couldn't run \"$ENV{OPENSSL} x509\" to get client cert serialno"; - $serialno = '\d+'; -} command_like( [ |