v10-0004-fix-tests.diff

application/octet-stream

Filename: v10-0004-fix-tests.diff
Type: application/octet-stream
Part: 3
Message: Re: [PATCH] Accept IP addresses in server certificate SANs

Patch

Format: unified
Series: patch v10-0004
File+
src/test/ssl/t/001_ssltests.pl 7 7
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index 96d3536090..9cc6fed51f 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -231,10 +231,10 @@ $node->connect_fails(
 
 # Test with an IP address in the Common Name. This is a strange corner case that
 # nevertheless is supported, as long as the address string matches exactly.
-switch_server_cert($node, 'server-ip-cn-only');
+switch_server_cert($node, certfile => 'server-ip-cn-only');
 
 $common_connstr =
-  "user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
+  "$default_ssl_connstr user=ssltestuser dbname=trustdb sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
 
 $node->connect_ok("$common_connstr host=192.0.2.1",
 	"IP address in the Common Name");
@@ -248,7 +248,7 @@ $node->connect_fails(
 
 # Similarly, we'll also match an IP address in a dNSName SAN. (This is
 # long-standing behavior.)
-switch_server_cert($node, 'server-ip-in-dnsname');
+switch_server_cert($node, certfile => 'server-ip-in-dnsname');
 
 $node->connect_ok("$common_connstr host=192.0.2.1",
 	"IP address in a dNSName");
@@ -306,7 +306,7 @@ $node->connect_fails(
 );
 
 # Test certificate with IP addresses in the SANs.
-switch_server_cert($node, 'server-ip-alt-names');
+switch_server_cert($node, certfile => 'server-ip-alt-names');
 
 $node->connect_ok(
 	"$common_connstr host=192.0.2.1",
@@ -371,7 +371,7 @@ $node->connect_fails(
 );
 
 # But we will fall back to check the CN if the SANs contain only IP addresses.
-switch_server_cert($node, 'server-cn-and-ip-alt-names');
+switch_server_cert($node, certfile => 'server-cn-and-ip-alt-names');
 
 $node->connect_ok("$common_connstr host=common-name.pg-ssltest.test",
 	"certificate with both a CN and IP SANs matches CN");
@@ -381,7 +381,7 @@ $node->connect_ok("$common_connstr host=2001:db8::1",
 	"certificate with both a CN and IP SANs matches SAN 2");
 
 # And now the same tests, but with IP addresses and DNS names swapped.
-switch_server_cert($node, 'server-ip-cn-and-alt-names');
+switch_server_cert($node, certfile => 'server-ip-cn-and-alt-names');
 
 $node->connect_ok("$common_connstr host=192.0.2.2",
 	"certificate with both an IP CN and IP SANs 1");
@@ -394,7 +394,7 @@ $node->connect_fails(
 	  qr/\Qserver certificate for "192.0.2.2" (and 1 other name) does not match host name "192.0.2.1"\E/
 );
 
-switch_server_cert($node, 'server-ip-cn-and-dns-alt-names');
+switch_server_cert($node, certfile => 'server-ip-cn-and-dns-alt-names');
 
 $node->connect_ok("$common_connstr host=192.0.2.1",
 	"certificate with both an IP CN and DNS SANs matches CN");