Avoid generating SSL certs for LDAP tests

Started by Andrew Dunstan, about 3 years ago, 4 messages
#1 Andrew Dunstan
andrew@dunslane.net
1 attachment(s)

We don't generate SSL certificates for running the SSL tests, but
instead use pregenerated certificates that are part of our source code.
This patch applies the same policy to the LDAP tests, and in fact simply
reuses certificates from the SSL test suite by copying them. It won't
save much but it should save a handful of cycles at run time.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachments:

0001-Use-existing-SSL-certs-in-LDAP-tests-instead-of-gene.patch (text/x-patch; charset=UTF-8)
From 5a58ef37a20cd229a74ffa4b9b5d52a47a38f020 Mon Sep 17 00:00:00 2001
From: Andrew Dunstan <andrew@dunslane.net>
Date: Mon, 19 Dec 2022 05:58:08 -0500
Subject: [PATCH] Use existing SSL certs in LDAP tests instead of generating
 them

The SSL test suite has a bunch of pre-existing certificates, so it's
better simply to use what we already have than generate new certificates
each time the LDAP tests are run.
---
 src/test/ldap/Makefile      |  1 -
 src/test/ldap/meson.build   |  1 -
 src/test/ldap/t/001_auth.pl | 19 ++++++++-----------
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/src/test/ldap/Makefile b/src/test/ldap/Makefile
index b1e4a7be67..e5fa3d8610 100644
--- a/src/test/ldap/Makefile
+++ b/src/test/ldap/Makefile
@@ -14,7 +14,6 @@ top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
 export with_ldap
-export OPENSSL
 
 check:
 	$(prove_check)
diff --git a/src/test/ldap/meson.build b/src/test/ldap/meson.build
index 020f6e7f08..8577385ee5 100644
--- a/src/test/ldap/meson.build
+++ b/src/test/ldap/meson.build
@@ -8,7 +8,6 @@ tests += {
     ],
     'env': {
       'with_ldap': ldap.found() ? 'yes' : 'no',
-      'OPENSSL': openssl.path(),
     },
   },
 }
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl
index fd90832b75..0ea274c383 100644
--- a/src/test/ldap/t/001_auth.pl
+++ b/src/test/ldap/t/001_auth.pl
@@ -3,6 +3,7 @@
 
 use strict;
 use warnings;
+use File::Copy;
 use PostgreSQL::Test::Utils;
 use PostgreSQL::Test::Cluster;
 use Test::More;
@@ -113,17 +114,13 @@ append_to_file(
 mkdir $ldap_datadir or die;
 mkdir $slapd_certs  or die;
 
-my $openssl = $ENV{OPENSSL};
-
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
-  "$slapd_certs/ca.key", "-x509", "-out", "$slapd_certs/ca.crt", "-subj",
-  "/CN=CA";
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
-  "$slapd_certs/server.key", "-out", "$slapd_certs/server.csr", "-subj",
-  "/CN=server";
-system_or_bail $openssl, "x509", "-req", "-in", "$slapd_certs/server.csr",
-  "-CA", "$slapd_certs/ca.crt", "-CAkey", "$slapd_certs/ca.key",
-  "-CAcreateserial", "-out", "$slapd_certs/server.crt";
+# use existing certs from nearby SSL test suite
+copy "../ssl/ssl/server_ca.crt", "$slapd_certs/ca.crt"
+  || die "copying ca.crt: $!";
+copy "../ssl/ssl/server-cn-only.crt", "$slapd_certs/server.crt"
+  || die "copying server.crt: $!";;
+copy "../ssl/ssl/server-cn-only.key", "$slapd_certs/server.key"
+  || die "copying server.key: $!";;
 
 system_or_bail $slapd, '-f', $slapd_conf, '-h', "$ldap_url $ldaps_url";
 
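Review bot: In the three added copy statements, `||` binds tighter than the comma of the list operator, so each one parses as copy(SRC, (DEST || die ...)); the destination string is always true, die is never evaluated, and a failed copy of ca.crt, server.crt or server.key is not reported. Use the low-precedence form, for example `copy(...) or die "copying ca.crt: $!";`, or put the arguments in parentheses before `||`. The second and third statements also end in a stray `;;`. The removed openssl commands issued the server certificate with `-subj /CN=server`, so a short comment on whether the test depends on the subject of server-cn-only.crt would help, as would one noting that the `../ssl/ssl/` source paths are resolved relative to the directory the test runs in.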
-- 
2.34.1

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andrew Dunstan (#1)
Re: Avoid generating SSL certs for LDAP tests

Andrew Dunstan <andrew@dunslane.net> writes:

> We don't generate SSL certificates for running the SSL tests, but
> instead use pregenerated certificates that are part of our source code.
> This patch applies the same policy to the LDAP tests, and in fact simply
> reuses certificates from the SSL test suite by copying them. It won't
> save much but it should save a handful of cycles at run time.

+1, but should there be a comment somewhere under test/ssl pointing
out this external use of the certs?

Also, I bet this needs some adjustment for VPATH builds.

regards, tom lane

#3 Andrew Dunstan
andrew@dunslane.net
In reply to: Tom Lane (#2)
Re: Avoid generating SSL certs for LDAP tests

On 2022-12-19 Mo 10:25, Tom Lane wrote:

> Andrew Dunstan <andrew@dunslane.net> writes:
>
> > We don't generate SSL certificates for running the SSL tests, but
> > instead use pregenerated certificates that are part of our source code.
> > This patch applies the same policy to the LDAP tests, and in fact simply
> > reuses certificates from the SSL test suite by copying them. It won't
> > save much but it should save a handful of cycles at run time.
>
> +1, but should there be a comment somewhere under test/ssl pointing
> out this external use of the certs?

OK, I'll find a place to mention that.

> Also, I bet this needs some adjustment for VPATH builds.

I have tested it with both a make style vpath build and with meson - it
works fine.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

#4 Andrew Dunstan
andrew@dunslane.net
In reply to: Andrew Dunstan (#3)
Re: Avoid generating SSL certs for LDAP tests

On 2022-12-19 Mo 11:04, Andrew Dunstan wrote:

> On 2022-12-19 Mo 10:25, Tom Lane wrote:
>
> > Andrew Dunstan <andrew@dunslane.net> writes:
> >
> > > We don't generate SSL certificates for running the SSL tests, but
> > > instead use pregenerated certificates that are part of our source code.
> > > This patch applies the same policy to the LDAP tests, and in fact simply
> > > reuses certificates from the SSL test suite by copying them. It won't
> > > save much but it should save a handful of cycles at run time.
> >
> > +1, but should there be a comment somewhere under test/ssl pointing
> > out this external use of the certs?
>
> OK, I'll find a place to mention that.

Done.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com