0001-Use-existing-SSL-certs-in-LDAP-tests-instead-of-gene.patch
text/x-patch
Filename: 0001-Use-existing-SSL-certs-in-LDAP-tests-instead-of-gene.patch
Type: text/x-patch
Part: 0
Patch
Format: format-patch
Series: patch 0001
Subject: Use existing SSL certs in LDAP tests instead of generating them
| File | + | − |
|---|---|---|
| src/test/ldap/Makefile | 0 | 1 |
| src/test/ldap/meson.build | 0 | 1 |
| src/test/ldap/t/001_auth.pl | 8 | 11 |
From 5a58ef37a20cd229a74ffa4b9b5d52a47a38f020 Mon Sep 17 00:00:00 2001
From: Andrew Dunstan <andrew@dunslane.net>
Date: Mon, 19 Dec 2022 05:58:08 -0500
Subject: [PATCH] Use existing SSL certs in LDAP tests instead of generating
them
The SSL test suite has a bunch of pre-existing certificates, so it's
better simply to use what we already have than generate new certificates
each time the LDAP tests are run.
---
src/test/ldap/Makefile | 1 -
src/test/ldap/meson.build | 1 -
src/test/ldap/t/001_auth.pl | 19 ++++++++-----------
3 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/src/test/ldap/Makefile b/src/test/ldap/Makefile
index b1e4a7be67..e5fa3d8610 100644
--- a/src/test/ldap/Makefile
+++ b/src/test/ldap/Makefile
@@ -14,7 +14,6 @@ top_builddir = ../../..
include $(top_builddir)/src/Makefile.global
export with_ldap
-export OPENSSL
check:
$(prove_check)
diff --git a/src/test/ldap/meson.build b/src/test/ldap/meson.build
index 020f6e7f08..8577385ee5 100644
--- a/src/test/ldap/meson.build
+++ b/src/test/ldap/meson.build
@@ -8,7 +8,6 @@ tests += {
],
'env': {
'with_ldap': ldap.found() ? 'yes' : 'no',
- 'OPENSSL': openssl.path(),
},
},
}
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl
index fd90832b75..0ea274c383 100644
--- a/src/test/ldap/t/001_auth.pl
+++ b/src/test/ldap/t/001_auth.pl
@@ -3,6 +3,7 @@
use strict;
use warnings;
+use File::Copy;
use PostgreSQL::Test::Utils;
use PostgreSQL::Test::Cluster;
use Test::More;
@@ -113,17 +114,13 @@ append_to_file(
mkdir $ldap_datadir or die;
mkdir $slapd_certs or die;
-my $openssl = $ENV{OPENSSL};
-
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
- "$slapd_certs/ca.key", "-x509", "-out", "$slapd_certs/ca.crt", "-subj",
- "/CN=CA";
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
- "$slapd_certs/server.key", "-out", "$slapd_certs/server.csr", "-subj",
- "/CN=server";
-system_or_bail $openssl, "x509", "-req", "-in", "$slapd_certs/server.csr",
- "-CA", "$slapd_certs/ca.crt", "-CAkey", "$slapd_certs/ca.key",
- "-CAcreateserial", "-out", "$slapd_certs/server.crt";
+# use existing certs from nearby SSL test suite
+copy "../ssl/ssl/server_ca.crt", "$slapd_certs/ca.crt"
+ || die "copying ca.crt: $!";
+copy "../ssl/ssl/server-cn-only.crt", "$slapd_certs/server.crt"
+ || die "copying server.crt: $!";;
+copy "../ssl/ssl/server-cn-only.key", "$slapd_certs/server.key"
+ || die "copying server.key: $!";;
system_or_bail $slapd, '-f', $slapd_conf, '-h', "$ldap_url $ldaps_url";
--
2.34.1