Add test case for sslinfo
Hi Hackers,
I see there is no test case for sslinfo. I have added a test case for it in
my project.
Do you mind if I apply this test case to postgresql?
Best regards,
Hao Wu
Attachments:
0001-Add-certificates-keys-and-test-cases-for-contrib-ssl.patch
From 82e8917f555dc85fef278f81cd09f6d09442c684 Mon Sep 17 00:00:00 2001
From: Hao Wu <hawu@pivotal.io>
Date: Wed, 20 Mar 2019 09:21:37 +0000
Subject: [PATCH] Add certificates & keys and test cases for contrib/sslinfo
---
contrib/sslinfo/Makefile | 3 +
contrib/sslinfo/config.bash | 44 ++++++++++++
contrib/sslinfo/data/postgresql.crt | 28 ++++++++
contrib/sslinfo/data/postgresql.key | 28 ++++++++
contrib/sslinfo/data/root.crt | 33 +++++++++
contrib/sslinfo/data/server.crt | 28 ++++++++
contrib/sslinfo/data/server.key | 28 ++++++++
contrib/sslinfo/expected/sslinfo.out | 136 +++++++++++++++++++++++++++++++++++
contrib/sslinfo/sql/sslinfo.sql | 38 ++++++++++
9 files changed, 366 insertions(+)
create mode 100644 contrib/sslinfo/config.bash
create mode 100644 contrib/sslinfo/data/postgresql.crt
create mode 100644 contrib/sslinfo/data/postgresql.key
create mode 100644 contrib/sslinfo/data/root.crt
create mode 100644 contrib/sslinfo/data/server.crt
create mode 100644 contrib/sslinfo/data/server.key
create mode 100644 contrib/sslinfo/expected/sslinfo.out
create mode 100644 contrib/sslinfo/sql/sslinfo.sql
diff --git a/contrib/sslinfo/Makefile b/contrib/sslinfo/Makefile
index 5a972db703..c416eba53f 100644
--- a/contrib/sslinfo/Makefile
+++ b/contrib/sslinfo/Makefile
@@ -8,6 +8,9 @@ DATA = sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql \
sslinfo--unpackaged--1.0.sql
PGFILEDESC = "sslinfo - information about client SSL certificate"
+REGRESS = sslinfo
+REGRESS_OPT = --temp-config=$(top_srcdir)/contrib/sslinfo/sslinfo.conf
+
ifdef USE_PGXS
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
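Review bot: REGRESS_OPT passes --temp-config=$(top_srcdir)/contrib/sslinfo/sslinfo.conf, but no sslinfo.conf is among the files this patch creates, so the option names a file that is not in the tree. Either add that file and let it carry the ssl settings (instead of having config.bash append them to postgresql.conf), or drop the line. A suite that depends on a custom server configuration should also set NO_INSTALLCHECK = 1, because an already-running server will not have that configuration.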
diff --git a/contrib/sslinfo/config.bash b/contrib/sslinfo/config.bash
new file mode 100644
index 0000000000..1bc90e7e8d
--- /dev/null
+++ b/contrib/sslinfo/config.bash
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+function sslinfo_prepare() {
+
+echo "#BEGIN SSLINFO CONF : BEGIN ANCHOR##" >> $PGDATA/postgresql.conf
+echo "ssl=on" >> $PGDATA/postgresql.conf
+echo "ssl_ciphers='HIGH:MEDIUM:+3DES:!aNULL'" >> $PGDATA/postgresql.conf
+echo "ssl_cert_file='server.crt'" >> $PGDATA/postgresql.conf
+echo "ssl_key_file='server.key'" >> $PGDATA/postgresql.conf
+echo "ssl_ca_file='root.crt'" >> $PGDATA/postgresql.conf
+echo "#END SSLINFO CONF : END ANCHOR##" >> $PGDATA/postgresql.conf
+
+echo "preparing CRTs and KEYs"
+cp -f data/root.crt $PGDATA/
+cp -f data/server.crt $PGDATA/
+cp -f data/server.key $PGDATA/
+chmod 400 $PGDATA/server.key
+chmod 644 $PGDATA/server.crt
+chmod 644 $PGDATA/root.crt
+
+mkdir -p ~/.postgresql
+cp -f data/root.crt ~/.postgresql/
+cp -f data/postgresql.crt ~/.postgresql/
+cp -f data/postgresql.key ~/.postgresql/
+chmod 400 ~/.postgresql/postgresql.key
+chmod 644 ~/.postgresql/postgresql.crt
+chmod 644 ~/.postgresql/root.crt
+}
+
+function sslinfo_clean() {
+sed -i '/#BEGIN SSLINFO CONF : BEGIN ANCHOR##/,/#END SSLINFO CONF : END ANCHOR##/d' $PGDATA/postgresql.conf
+}
+
+case "$1" in
+prepare)
+ sslinfo_prepare
+ ;;
+clean)
+ sslinfo_clean
+ ;;
+*)
+ echo "$0 { prepare | clean }"
+ exit 1
+esac
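Review bot: sslinfo_prepare expands $PGDATA unquoted and never checks that it is set, so with PGDATA empty `cp -f data/server.crt $PGDATA/` targets / and the echo lines append to /postgresql.conf. Fail early (for example with ${PGDATA:?}) and quote every expansion. The function also overwrites root.crt, postgresql.crt and postgresql.key in the invoking user's ~/.postgresql, while sslinfo_clean only strips the postgresql.conf block: a developer's own client credentials are replaced and the test files stay behind in both locations, so keep the client files in a test-local directory and remove them on clean. The `function` keyword and `sed -i` tie the script to bash and GNU sed.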
diff --git a/contrib/sslinfo/data/postgresql.crt b/contrib/sslinfo/data/postgresql.crt
new file mode 100644
index 0000000000..2669eab9f0
--- /dev/null
+++ b/contrib/sslinfo/data/postgresql.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/contrib/sslinfo/data/postgresql.key b/contrib/sslinfo/data/postgresql.key
new file mode 100644
index 0000000000..afec51fff2
--- /dev/null
+++ b/contrib/sslinfo/data/postgresql.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/contrib/sslinfo/data/root.crt b/contrib/sslinfo/data/root.crt
new file mode 100644
index 0000000000..750b31bbed
--- /dev/null
+++ b/contrib/sslinfo/data/root.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/contrib/sslinfo/data/server.crt b/contrib/sslinfo/data/server.crt
new file mode 100644
index 0000000000..cd36aedb41
--- /dev/null
+++ b/contrib/sslinfo/data/server.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/contrib/sslinfo/data/server.key b/contrib/sslinfo/data/server.key
new file mode 100644
index 0000000000..642962f860
--- /dev/null
+++ b/contrib/sslinfo/data/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+-----END PRIVATE KEY-----
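Review bot: this key and the other credential files under data/ are committed with nothing in the patch recording how they were generated, while expected/sslinfo.out pins the client serial and both DNs, so the fixtures cannot be regenerated (for example when a certificate expires) without rewriting the expected output. Add the generation commands next to the data files, or reuse an existing fixture set rather than adding a second one.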
diff --git a/contrib/sslinfo/expected/sslinfo.out b/contrib/sslinfo/expected/sslinfo.out
new file mode 100644
index 0000000000..fbc1782615
--- /dev/null
+++ b/contrib/sslinfo/expected/sslinfo.out
@@ -0,0 +1,136 @@
+\! bash config.bash prepare
+preparing CRTs and KEYs
+-- start_ignore
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
+restart code = 0
+\c - - localhost
+CREATE EXTENSION sslinfo;
+SHOW ssl;
+ ssl
+-----
+ on
+(1 row)
+
+SELECT ssl_is_used();
+ ssl_is_used
+-------------
+ t
+(1 row)
+
+SELECT ssl_version();
+ ssl_version
+-------------
+ TLSv1.2
+(1 row)
+
+SELECT ssl_cipher();
+ ssl_cipher
+-----------------------------
+ ECDHE-RSA-AES256-GCM-SHA384
+(1 row)
+
+SELECT ssl_client_cert_present();
+ ssl_client_cert_present
+-------------------------
+ t
+(1 row)
+
+SELECT ssl_client_serial();
+ ssl_client_serial
+----------------------
+ 15147712520003294635
+(1 row)
+
+SELECT ssl_client_dn();
+ ssl_client_dn
+------------------------------------------------------------------------------------
+ /CN=client.example.com/C=CN/ST=Qingdao/L=ClientLocality/O=SSLINFO-Client/OU=Client
+(1 row)
+
+SELECT ssl_issuer_dn();
+ ssl_issuer_dn
+---------------------------------------------------------------------------
+ /CN=root.example.com/C=CN/ST=Beijing/L=RootLocality/O=SSLINFO-dev/OU=Test
+(1 row)
+
+SELECT ssl_client_dn_field('CN') AS client_dn_CN;
+ client_dn_cn
+--------------------
+ client.example.com
+(1 row)
+
+SELECT ssl_client_dn_field('C') AS client_dn_C;
+ client_dn_c
+-------------
+ CN
+(1 row)
+
+SELECT ssl_client_dn_field('ST') AS client_dn_ST;
+ client_dn_st
+--------------
+ Qingdao
+(1 row)
+
+SELECT ssl_client_dn_field('L') AS client_dn_L;
+ client_dn_l
+----------------
+ ClientLocality
+(1 row)
+
+SELECT ssl_client_dn_field('O') AS client_dn_O;
+ client_dn_o
+----------------
+ SSLINFO-Client
+(1 row)
+
+SELECT ssl_client_dn_field('OU') AS client_dn_OU;
+ client_dn_ou
+--------------
+ Client
+(1 row)
+
+SELECT ssl_issuer_field('CN') AS issuer_CN;
+ issuer_cn
+------------------
+ root.example.com
+(1 row)
+
+SELECT ssl_issuer_field('C') AS issuer_C;
+ issuer_c
+----------
+ CN
+(1 row)
+
+SELECT ssl_issuer_field('ST') AS issuer_ST;
+ issuer_st
+-----------
+ Beijing
+(1 row)
+
+SELECT ssl_issuer_field('L') AS issuer_L;
+ issuer_l
+--------------
+ RootLocality
+(1 row)
+
+SELECT ssl_issuer_field('O') AS issuer_O;
+ issuer_o
+-------------
+ SSLINFO-dev
+(1 row)
+
+SELECT ssl_issuer_field('OU') AS issuer_OU;
+ issuer_ou
+-----------
+ Test
+(1 row)
+
+DROP EXTENSION sslinfo;
+-- start_ignore
+\! bash config.bash clean
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
+restart code = 0
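Review bot: the expected rows for ssl_version() (TLSv1.2) and ssl_cipher() (ECDHE-RSA-AES256-GCM-SHA384) are whatever the author's OpenSSL build negotiated, so the test fails on any installation that negotiates a different protocol version or cipher. Assert something stable instead, such as a pattern match on the version or a comparison with the session's row in pg_stat_ssl. The line `preparing CRTs and KEYs` near the top is helper-script output captured outside the start_ignore block, which ties the expected file to the script's messages.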
diff --git a/contrib/sslinfo/sql/sslinfo.sql b/contrib/sslinfo/sql/sslinfo.sql
new file mode 100644
index 0000000000..86a2a55b0e
--- /dev/null
+++ b/contrib/sslinfo/sql/sslinfo.sql
@@ -0,0 +1,38 @@
+\! bash config.bash prepare
+-- start_ignore
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
+
+\c - - localhost
+
+CREATE EXTENSION sslinfo;
+
+SHOW ssl;
+SELECT ssl_is_used();
+SELECT ssl_version();
+SELECT ssl_cipher();
+SELECT ssl_client_cert_present();
+SELECT ssl_client_serial();
+SELECT ssl_client_dn();
+SELECT ssl_issuer_dn();
+SELECT ssl_client_dn_field('CN') AS client_dn_CN;
+SELECT ssl_client_dn_field('C') AS client_dn_C;
+SELECT ssl_client_dn_field('ST') AS client_dn_ST;
+SELECT ssl_client_dn_field('L') AS client_dn_L;
+SELECT ssl_client_dn_field('O') AS client_dn_O;
+SELECT ssl_client_dn_field('OU') AS client_dn_OU;
+SELECT ssl_issuer_field('CN') AS issuer_CN;
+SELECT ssl_issuer_field('C') AS issuer_C;
+SELECT ssl_issuer_field('ST') AS issuer_ST;
+SELECT ssl_issuer_field('L') AS issuer_L;
+SELECT ssl_issuer_field('O') AS issuer_O;
+SELECT ssl_issuer_field('OU') AS issuer_OU;
+
+DROP EXTENSION sslinfo;
+
+-- start_ignore
+\! bash config.bash clean
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
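Review bot: `\! echo "restart code = $?"` cannot report the pg_ctl exit status, because each \! command runs in its own shell and $? in that new shell is always 0; the expected `restart code = 0` therefore matches even when the restart failed. In `\! pg_ctl restart 2>&1 >/dev/null` the redirections are in the wrong order to silence stderr (2>&1 is applied before stdout is moved to /dev/null), so error text still reaches the output. Restarting the server from inside the script also requires pg_ctl, bash and PGDATA in the psql client's environment; doing the configuration and restart in the test harness, before psql connects, removes all three dependencies.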
--
2.16.1
On Mon, Jul 8, 2019 at 2:59 PM Hao Wu <hawu@pivotal.io> wrote:
I see there is no test case for sslinfo. I have added a test case for it in my project.
Hi Hao Wu,
Thanks! I see that you created a CF entry
https://commitfest.postgresql.org/24/2203/. While I was scanning
through the current CF looking for trouble, this one popped in front
of my eyes, so here's some quick feedback even though it's in the next
CF:
+#!/bin/bash
I don't think we can require that script interpreter.
This failed[1] with permissions errors:
+cp: cannot create regular file '/server.crt': Permission denied
It looks like that's because the script assumes that PGDATA is set.
I wonder if we want to include more SSL certificates, or if we want to
use the same set of fixed certificates (currently under
src/test/ssl/ssl) for all tests like this. I don't have a strong
opinion on that, but I wanted to mention that policy decision. (There
is also a test somewhere that creates a new one on the fly.)
[1]: https://travis-ci.org/postgresql-cfbot/postgresql/builds/555576601
--
Thomas Munro
https://enterprisedb.com
Hi Thomas,
Thank you for your quick response! I work on greenplum, and I didn't see
this folder(src/test/ssl/ssl) before.
I will add more certificates to test and resend again.
Do you have any suggestion about the missing PGDATA? Since the test needs
to configure postgresql.conf, maybe there are other ways to determine this
environment.
Thank you very much!
On Mon, Jul 08, 2019 at 02:11:34PM +0800, Hao Wu wrote:
Thank you for your quick response! I work on greenplum, and I didn't see
this folder(src/test/ssl/ssl) before.
I will add more certificates to test and resend again.
Not having duplicates would be nice.
Do you have any suggestion about the missing PGDATA? Since the test needs
to configure postgresql.conf, maybe there are other ways to determine this
environment.
+REGRESS = sslinfo
+REGRESS_OPT = --temp-config=$(top_srcdir)/contrib/sslinfo/sslinfo.conf
When it comes to custom configuration files in the regression tests,
you should always have NO_INSTALLCHECK = 1 in the Makefile because
there is no guarantee that the running server will have the
configuration you want when running an installcheck.
+echo "preparing CRTs and KEYs"
+cp -f data/root.crt $PGDATA/
+cp -f data/server.crt $PGDATA/
+cp -f data/server.key $PGDATA/
+chmod 400 $PGDATA/server.key
+chmod 644 $PGDATA/server.crt
+chmod 644 $PGDATA/root.crt
Using a TAP test here would be more adapted. Another idea would be to
add that directly into src/test/ssl/ and enforce the installation of
with EXTRA_INSTALL when running the tests.
+-- start_ignore
+\! bash config.bash clean
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
Please, no...
--
Michael
On 2019-07-08 10:18, Michael Paquier wrote:
On Mon, Jul 08, 2019 at 02:11:34PM +0800, Hao Wu wrote:
Thank you for your quick response! I work on greenplum, and I didn't see
this folder(src/test/ssl/ssl) before.
I will add more certificates to test and resend again.
Not having duplicates would be nice.
I think sslinfo should be tested as an extension of src/test/ssl/
instead of its own test suite. There are too many complications that we
would otherwise have to solve again.
You might want to review commit f60a0e96778854ed0b7fd4737488ba88022e47bd
and how it adds test cases. You can't just hardcode a specific output
since different installations might report TLS 1.2 vs 1.3, different
ciphers etc.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
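An added example (not from the patch or from anyone in this thread) of a check that does not depend on the negotiated protocol or cipher: instead of literal expected values, it compares each sslinfo function with the server's own pg_stat_ssl row for the session. It assumes PostgreSQL 12 or later, where pg_stat_ssl has the client_dn, client_serial and issuer_dn columns, and that both sources report DNs in the same /field=value form.

```sql
-- Added example, not part of the patch.
-- Run over an SSL connection made with a client certificate, after
-- CREATE EXTENSION sslinfo. Every output column should be 't' whatever
-- TLS version or cipher the installation negotiates.
SELECT ssl_is_used()                           AS ssl_used,
       ssl_version() ~ '^TLSv[0-9.]+$'         AS version_well_formed,
       ssl_version() = s.version               AS version_matches,
       ssl_cipher() = s.cipher                 AS cipher_matches,
       ssl_client_cert_present()               AS client_cert_present,
       ssl_client_serial() = s.client_serial   AS serial_matches,
       ssl_client_dn() = s.client_dn           AS client_dn_matches,
       ssl_issuer_dn() = s.issuer_dn           AS issuer_dn_matches,
       -- The field accessors must agree with the full DN strings.
       position('/CN=' || ssl_client_dn_field('CN') IN ssl_client_dn()) > 0
                                               AS client_cn_in_dn,
       position('/CN=' || ssl_issuer_field('CN') IN ssl_issuer_dn()) > 0
                                               AS issuer_cn_in_dn
FROM pg_stat_ssl AS s
WHERE s.pid = pg_backend_pid();
```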
Hao Wu,
Are you submitting an updated version of this patch soon?
Thanks,
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services