| author | Bruce Momjian | 2015-05-24 01:35:49 +0000 |
|---|---|---|
| committer | Bruce Momjian | 2015-05-24 01:35:49 +0000 |
| commit | 807b9e0dff663c5da875af7907a5106c0ff90673 (patch) | |
| tree | 89a0cfbd3c9801dcb04aae4ccf2fee935092f958 /src/test | |
| parent | 225892552bd3052982d2b97b749e5945ea71facc (diff) | |
pgindent run for 9.5
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/modules/test_ddl_deparse/test_ddl_deparse.c | 8 | ||||
| -rw-r--r-- | src/test/modules/test_rls_hooks/test_rls_hooks.c | 84 | ||||
| -rw-r--r-- | src/test/perl/TestLib.pm | 13 | ||||
| -rw-r--r-- | src/test/regress/pg_regress.c | 19 | ||||
| -rw-r--r-- | src/test/regress/regress.c | 22 | ||||
| -rw-r--r-- | src/test/ssl/ServerSetup.pm | 105 | ||||
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 110 |
7 files changed, 200 insertions, 161 deletions
diff --git a/src/test/modules/test_ddl_deparse/test_ddl_deparse.c b/src/test/modules/test_ddl_deparse/test_ddl_deparse.c index f9ba4132e7c..44a5cb0277e 100644 --- a/src/test/modules/test_ddl_deparse/test_ddl_deparse.c +++ b/src/test/modules/test_ddl_deparse/test_ddl_deparse.c @@ -63,8 +63,8 @@ Datum get_altertable_subcmdtypes(PG_FUNCTION_ARGS) { CollectedCommand *cmd = (CollectedCommand *) PG_GETARG_POINTER(0); - ArrayBuildState *astate = NULL; - ListCell *cell; + ArrayBuildState *astate = NULL; + ListCell *cell; if (cmd->type != SCT_AlterTable) elog(ERROR, "command is not ALTER TABLE"); @@ -72,8 +72,8 @@ get_altertable_subcmdtypes(PG_FUNCTION_ARGS) foreach(cell, cmd->d.alterTable.subcmds) { CollectedATSubcmd *sub = lfirst(cell); - AlterTableCmd *subcmd = (AlterTableCmd *) sub->parsetree; - const char *strtype; + AlterTableCmd *subcmd = (AlterTableCmd *) sub->parsetree; + const char *strtype; Assert(IsA(subcmd, AlterTableCmd)); diff --git a/src/test/modules/test_rls_hooks/test_rls_hooks.c b/src/test/modules/test_rls_hooks/test_rls_hooks.c index c2122e7981a..61b62d55b4c 100644 --- a/src/test/modules/test_rls_hooks/test_rls_hooks.c +++ b/src/test/modules/test_rls_hooks/test_rls_hooks.c @@ -35,11 +35,12 @@ PG_MODULE_MAGIC; static row_security_policy_hook_type prev_row_security_policy_hook_permissive = NULL; static row_security_policy_hook_type prev_row_security_policy_hook_restrictive = NULL; -void _PG_init(void); -void _PG_fini(void); +void _PG_init(void); +void _PG_fini(void); /* Install hooks */ -void _PG_init(void) +void +_PG_init(void) { /* Save values for unload */ prev_row_security_policy_hook_permissive = row_security_policy_hook_permissive; @@ -51,7 +52,8 @@ void _PG_init(void) } /* Uninstall hooks */ -void _PG_fini(void) +void +_PG_fini(void) { row_security_policy_hook_permissive = prev_row_security_policy_hook_permissive; row_security_policy_hook_restrictive = prev_row_security_policy_hook_restrictive; 
@@ -60,20 +62,20 @@ void _PG_fini(void) /* * Return permissive policies to be added */ -List* +List * test_rls_hooks_permissive(CmdType cmdtype, Relation relation) { - List *policies = NIL; - RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy)); - Datum role; - FuncCall *n; - Node *e; - ColumnRef *c; - ParseState *qual_pstate; - RangeTblEntry *rte; - - if (strcmp(RelationGetRelationName(relation),"rls_test_permissive") - && strcmp(RelationGetRelationName(relation),"rls_test_both")) + List *policies = NIL; + RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy)); + Datum role; + FuncCall *n; + Node *e; + ColumnRef *c; + ParseState *qual_pstate; + RangeTblEntry *rte; + + if (strcmp(RelationGetRelationName(relation), "rls_test_permissive") + && strcmp(RelationGetRelationName(relation), "rls_test_both")) return NIL; qual_pstate = make_parsestate(NULL); @@ -88,11 +90,11 @@ test_rls_hooks_permissive(CmdType cmdtype, Relation relation) policy->policy_id = InvalidOid; policy->polcmd = '*'; policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, 'i'); + /* - policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid, - sizeof(bool), BoolGetDatum(true), - false, true); - */ + * policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid, + * sizeof(bool), BoolGetDatum(true), false, true); + */ n = makeFuncCall(list_make2(makeString("pg_catalog"), makeString("current_user")), NIL, 0); 
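Review bot: In test_rls_hooks_permissive the commented-out `policy->qual = (Expr *) makeConst(...)` statement has been reflowed by the indenter as if it were prose, so it no longer reads as a statement that could be restored as written. The qual actually used appears to be built further down from the `current_user` call, so the dead code can simply be deleted. If it is kept for reference, add one line saying why, e.g. `/* constant-true qual, kept for reference only */`, and open the block with `/*----------` so pgindent leaves its line breaks alone. The function body starts in the previous hunk and continues past this one.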
@@ -101,11 +103,11 @@ test_rls_hooks_permissive(CmdType cmdtype, Relation relation) c->fields = list_make1(makeString("username")); c->location = 0; - e = (Node*) makeSimpleA_Expr(AEXPR_OP, "=", (Node*) n, (Node*) c, 0); + e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0); - policy->qual = (Expr*) transformWhereClause(qual_pstate, copyObject(e), - EXPR_KIND_WHERE, - "POLICY"); + policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e), + EXPR_KIND_WHERE, + "POLICY"); policy->with_check_qual = copyObject(policy->qual); policy->hassublinks = false; @@ -118,21 +120,21 @@ test_rls_hooks_permissive(CmdType cmdtype, Relation relation) /* * Return restrictive policies to be added */ -List* +List * test_rls_hooks_restrictive(CmdType cmdtype, Relation relation) { - List *policies = NIL; - RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy)); - Datum role; - FuncCall *n; - Node *e; - ColumnRef *c; - ParseState *qual_pstate; - RangeTblEntry *rte; - - - if (strcmp(RelationGetRelationName(relation),"rls_test_restrictive") - && strcmp(RelationGetRelationName(relation),"rls_test_both")) + List *policies = NIL; + RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy)); + Datum role; + FuncCall *n; + Node *e; + ColumnRef *c; + ParseState *qual_pstate; + RangeTblEntry *rte; + + + if (strcmp(RelationGetRelationName(relation), "rls_test_restrictive") + && strcmp(RelationGetRelationName(relation), "rls_test_both")) return NIL; qual_pstate = make_parsestate(NULL); 
@@ -155,11 +157,11 @@ test_rls_hooks_restrictive(CmdType cmdtype, Relation relation) c->fields = list_make1(makeString("supervisor")); c->location = 0; - e = (Node*) makeSimpleA_Expr(AEXPR_OP, "=", (Node*) n, (Node*) c, 0); + e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0); - policy->qual = (Expr*) transformWhereClause(qual_pstate, copyObject(e), - EXPR_KIND_WHERE, - "POLICY"); + policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e), + EXPR_KIND_WHERE, + "POLICY"); policy->with_check_qual = copyObject(policy->qual); policy->hassublinks = false; diff --git a/src/test/perl/TestLib.pm b/src/test/perl/TestLib.pm index 003cd9a2cca..ef42366888e 100644 --- a/src/test/perl/TestLib.pm +++ b/src/test/perl/TestLib.pm @@ -60,11 +60,15 @@ $ENV{PGPORT} = int($ENV{PGPORT}) % 65536; sub tempdir { - return File::Temp::tempdir('tmp_testXXXX', DIR => $ENV{TESTDIR} || cwd(), CLEANUP => 1); + return File::Temp::tempdir( + 'tmp_testXXXX', + DIR => $ENV{TESTDIR} || cwd(), + CLEANUP => 1); } sub tempdir_short { + # Use a separate temp dir outside the build tree for the # Unix-domain socket, to avoid file name length issues. return File::Temp::tempdir(CLEANUP => 1); @@ -75,7 +79,7 @@ sub standard_initdb my $pgdata = shift; system_or_bail("initdb -D '$pgdata' -A trust -N >/dev/null"); system_or_bail("$ENV{top_builddir}/src/test/regress/pg_regress", - '--config-auth', $pgdata); + '--config-auth', $pgdata); } my ($test_server_datadir, $test_server_logfile); @@ -90,7 +94,7 @@ sub start_test_server standard_initdb "$tempdir/pgdata"; $ret = system 'pg_ctl', '-D', "$tempdir/pgdata", '-s', '-w', '-l', "$tempdir/logfile", '-o', - "--fsync=off -k $tempdir_short --listen-addresses='' --log-statement=all", +"--fsync=off -k $tempdir_short --listen-addresses='' --log-statement=all", 'start'; if ($ret != 0) 
@@ -185,7 +189,8 @@ sub program_options_handling_ok { my ($cmd) = @_; my ($stdout, $stderr); - my $result = run [ $cmd, '--not-a-valid-option' ], '>', \$stdout, '2>', \$stderr; + my $result = run [ $cmd, '--not-a-valid-option' ], '>', \$stdout, '2>', + \$stderr; ok(!$result, "$cmd with invalid option nonzero exit code"); isnt($stderr, '', "$cmd with invalid option prints error message"); } diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c index 2df5c1b5d6a..cc260169a48 100644 --- a/src/test/regress/pg_regress.c +++ b/src/test/regress/pg_regress.c @@ -1139,15 +1139,15 @@ spawn_process(const char *cmdline) /* in parent */ return pid; #else - PROCESS_INFORMATION pi; - char *cmdline2; - HANDLE restrictedToken; + PROCESS_INFORMATION pi; + char *cmdline2; + HANDLE restrictedToken; memset(&pi, 0, sizeof(pi)); cmdline2 = psprintf("cmd /c \"%s\"", cmdline); - if((restrictedToken = - CreateRestrictedProcess(cmdline2, &pi, progname)) == 0) + if ((restrictedToken = + CreateRestrictedProcess(cmdline2, &pi, progname)) == 0) exit(2); CloseHandle(pi.hThread); @@ -1973,8 +1973,9 @@ help(void) printf(_(" --schedule=FILE use test ordering schedule from FILE\n")); printf(_(" (can be used multiple times to concatenate)\n")); printf(_(" --temp-instance=DIR create a temporary instance in DIR\n")); - printf(_(" --use-existing use an existing installation\n")); // XXX - printf(_("\n")); + printf(_(" --use-existing use an existing installation\n")); + //XXX + printf(_("\n")); printf(_("Options for \"temp-instance\" mode:\n")); printf(_(" --no-locale use C locale\n")); printf(_(" --port=PORT start postmaster on PORT\n")); 
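Review bot: In help() in src/test/regress/pg_regress.c the trailing `// XXX` on the `--use-existing` line has been moved onto a line of its own as `//XXX`, between two printf calls, where it no longer points at anything and still does not say what is unresolved. Either drop it or turn it into a block comment that states the open question, e.g. `/* XXX: <what remains to be decided about --use-existing> */`, placed above the printf it refers to. The rest of help() lies outside the hunk.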
@@ -2446,8 +2447,8 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc /* * If there were no errors, remove the temp instance immediately to - * conserve disk space. (If there were errors, we leave the instance - * in place for possible manual investigation.) + * conserve disk space. (If there were errors, we leave the instance in + * place for possible manual investigation.) */ if (temp_instance && fail_count == 0 && fail_ignore_count == 0) { diff --git a/src/test/regress/regress.c b/src/test/regress/regress.c index d68c90cd9bb..bd31a3d3825 100644 --- a/src/test/regress/regress.c +++ b/src/test/regress/regress.c @@ -1,8 +1,8 @@ /*------------------------------------------------------------------------ * * regress.c - * Code for various C-language functions defined as part of the - * regression tests. + * Code for various C-language functions defined as part of the + * regression tests. * * This code is released under the terms of the PostgreSQL License. * @@ -911,14 +911,14 @@ test_atomic_flag(void) pg_atomic_clear_flag(&flag); } -#endif /* PG_HAVE_ATOMIC_FLAG_SIMULATION */ +#endif /* PG_HAVE_ATOMIC_FLAG_SIMULATION */ static void test_atomic_uint32(void) { pg_atomic_uint32 var; - uint32 expected; - int i; + uint32 expected; + int i; pg_atomic_init_u32(&var, 0); @@ -955,7 +955,7 @@ test_atomic_uint32(void) if (pg_atomic_fetch_add_u32(&var, INT_MAX) != INT_MAX) elog(ERROR, "pg_atomic_add_fetch_u32() #3 wrong"); - pg_atomic_fetch_add_u32(&var, 1); /* top up to UINT_MAX */ + pg_atomic_fetch_add_u32(&var, 1); /* top up to UINT_MAX */ if (pg_atomic_read_u32(&var) != UINT_MAX) elog(ERROR, "atomic_read_u32() #2 wrong"); 
@@ -963,7 +963,7 @@ test_atomic_uint32(void) if (pg_atomic_fetch_sub_u32(&var, INT_MAX) != UINT_MAX) elog(ERROR, "pg_atomic_fetch_sub_u32() #2 wrong"); - if (pg_atomic_read_u32(&var) != (uint32)INT_MAX + 1) + if (pg_atomic_read_u32(&var) != (uint32) INT_MAX + 1) elog(ERROR, "atomic_read_u32() #3 wrong: %u", pg_atomic_read_u32(&var)); expected = pg_atomic_sub_fetch_u32(&var, INT_MAX); @@ -1018,8 +1018,8 @@ static void test_atomic_uint64(void) { pg_atomic_uint64 var; - uint64 expected; - int i; + uint64 expected; + int i; pg_atomic_init_u64(&var, 0); @@ -1083,13 +1083,13 @@ test_atomic_uint64(void) elog(ERROR, "pg_atomic_fetch_and_u64() #1 wrong"); if (pg_atomic_fetch_and_u64(&var, ~1) != 1) - elog(ERROR, "pg_atomic_fetch_and_u64() #2 wrong: is "UINT64_FORMAT, + elog(ERROR, "pg_atomic_fetch_and_u64() #2 wrong: is " UINT64_FORMAT, pg_atomic_read_u64(&var)); /* no bits set anymore */ if (pg_atomic_fetch_and_u64(&var, ~0) != 0) elog(ERROR, "pg_atomic_fetch_and_u64() #3 wrong"); } -#endif /* PG_HAVE_ATOMIC_U64_SUPPORT */ +#endif /* PG_HAVE_ATOMIC_U64_SUPPORT */ PG_FUNCTION_INFO_V1(test_atomic_ops); diff --git a/src/test/ssl/ServerSetup.pm b/src/test/ssl/ServerSetup.pm index fda3afebc18..4ce4a69e741 100644 --- a/src/test/ssl/ServerSetup.pm +++ b/src/test/ssl/ServerSetup.pm 
@@ -38,74 +38,81 @@ sub copy_files foreach my $orig_file (@orig_files) { my $base_file = basename($orig_file); - copy($orig_file, "$dest/$base_file") or die "Could not copy $orig_file to $dest"; + copy($orig_file, "$dest/$base_file") + or die "Could not copy $orig_file to $dest"; } } sub configure_test_server_for_ssl { - my $tempdir = $_[0]; + my $tempdir = $_[0]; - # Create test users and databases - psql 'postgres', "CREATE USER ssltestuser"; - psql 'postgres', "CREATE USER anotheruser"; - psql 'postgres', "CREATE DATABASE trustdb"; - psql 'postgres', "CREATE DATABASE certdb"; + # Create test users and databases + psql 'postgres', "CREATE USER ssltestuser"; + psql 'postgres', "CREATE USER anotheruser"; + psql 'postgres', "CREATE DATABASE trustdb"; + psql 'postgres', "CREATE DATABASE certdb"; - # enable logging etc. - open CONF, ">>$tempdir/pgdata/postgresql.conf"; - print CONF "fsync=off\n"; - print CONF "log_connections=on\n"; - print CONF "log_hostname=on\n"; - print CONF "log_statement=all\n"; + # enable logging etc. 
+ open CONF, ">>$tempdir/pgdata/postgresql.conf"; + print CONF "fsync=off\n"; + print CONF "log_connections=on\n"; + print CONF "log_hostname=on\n"; + print CONF "log_statement=all\n"; - # enable SSL and set up server key - print CONF "include 'sslconfig.conf'"; + # enable SSL and set up server key + print CONF "include 'sslconfig.conf'"; - close CONF; + close CONF; - # Copy all server certificates and keys, and client root cert, to the data dir - copy_files("ssl/server-*.crt", "$tempdir/pgdata"); - copy_files("ssl/server-*.key", "$tempdir/pgdata"); - system_or_bail "chmod 0600 '$tempdir'/pgdata/server-*.key"; - copy_files("ssl/root+client_ca.crt", "$tempdir/pgdata"); - copy_files("ssl/root+client.crl", "$tempdir/pgdata"); +# Copy all server certificates and keys, and client root cert, to the data dir + copy_files("ssl/server-*.crt", "$tempdir/pgdata"); + copy_files("ssl/server-*.key", "$tempdir/pgdata"); + system_or_bail "chmod 0600 '$tempdir'/pgdata/server-*.key"; + copy_files("ssl/root+client_ca.crt", "$tempdir/pgdata"); + copy_files("ssl/root+client.crl", "$tempdir/pgdata"); # Only accept SSL connections from localhost. Our tests don't depend on this # but seems best to keep it as narrow as possible for security reasons. # # When connecting to certdb, also check the client certificate. 
- open HBA, ">$tempdir/pgdata/pg_hba.conf"; - print HBA "# TYPE DATABASE USER ADDRESS METHOD\n"; - print HBA "hostssl trustdb ssltestuser 127.0.0.1/32 trust\n"; - print HBA "hostssl trustdb ssltestuser ::1/128 trust\n"; - print HBA "hostssl certdb ssltestuser 127.0.0.1/32 cert\n"; - print HBA "hostssl certdb ssltestuser ::1/128 cert\n"; - close HBA; + open HBA, ">$tempdir/pgdata/pg_hba.conf"; + print HBA +"# TYPE DATABASE USER ADDRESS METHOD\n"; + print HBA +"hostssl trustdb ssltestuser 127.0.0.1/32 trust\n"; + print HBA +"hostssl trustdb ssltestuser ::1/128 trust\n"; + print HBA +"hostssl certdb ssltestuser 127.0.0.1/32 cert\n"; + print HBA +"hostssl certdb ssltestuser ::1/128 cert\n"; + close HBA; } # Change the configuration to use given server cert file, and restart # the server so that the configuration takes effect. sub switch_server_cert { - my $tempdir = $_[0]; - my $certfile = $_[1]; - - diag "Restarting server with certfile \"$certfile\"..."; - - open SSLCONF, ">$tempdir/pgdata/sslconfig.conf"; - print SSLCONF "ssl=on\n"; - print SSLCONF "ssl_ca_file='root+client_ca.crt'\n"; - print SSLCONF "ssl_cert_file='$certfile.crt'\n"; - print SSLCONF "ssl_key_file='$certfile.key'\n"; - print SSLCONF "ssl_crl_file='root+client.crl'\n"; - close SSLCONF; - - # Stop and restart server to reload the new config. We cannot use - # restart_test_server() because that overrides listen_addresses to only all - # Unix domain socket connections. 
- - system_or_bail 'pg_ctl', 'stop', '-s', '-D', "$tempdir/pgdata", '-w'; - system_or_bail 'pg_ctl', 'start', '-s', '-D', "$tempdir/pgdata", '-w', '-l', - "$tempdir/logfile"; + my $tempdir = $_[0]; + my $certfile = $_[1]; + + diag "Restarting server with certfile \"$certfile\"..."; + + open SSLCONF, ">$tempdir/pgdata/sslconfig.conf"; + print SSLCONF "ssl=on\n"; + print SSLCONF "ssl_ca_file='root+client_ca.crt'\n"; + print SSLCONF "ssl_cert_file='$certfile.crt'\n"; + print SSLCONF "ssl_key_file='$certfile.key'\n"; + print SSLCONF "ssl_crl_file='root+client.crl'\n"; + close SSLCONF; + + # Stop and restart server to reload the new config. We cannot use + # restart_test_server() because that overrides listen_addresses to only all + # Unix domain socket connections. + + system_or_bail 'pg_ctl', 'stop', '-s', '-D', "$tempdir/pgdata", '-w'; + system_or_bail 'pg_ctl', 'start', '-s', '-D', "$tempdir/pgdata", '-w', + '-l', + "$tempdir/logfile"; } diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index b492a56688a..926b529198d 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -23,9 +23,10 @@ BEGIN # This is the hostname used to connect to the server. This cannot be a # hostname, because the server certificate is always for the domain # postgresql-ssl-regression.test. -my $SERVERHOSTADDR='127.0.0.1'; +my $SERVERHOSTADDR = '127.0.0.1'; my $tempdir = TestLib::tempdir; + #my $tempdir = "tmp_check"; 
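Review bot: The three `open` calls in configure_test_server_for_ssl and switch_server_cert (CONF, HBA, SSLCONF) in src/test/ssl/ServerSetup.pm are unchecked, although copy_files at the top of the same hunk dies on a failed copy. If writing pg_hba.conf fails, the server presumably starts with whatever authentication file initdb left in the data directory, so the localhost-only hostssl rules described in the comment would not be the ones under test. Suggest `open HBA, ">$tempdir/pgdata/pg_hba.conf" or die "could not open pg_hba.conf: $!";` and the same `or die` on the CONF and SSLCONF opens.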
@@ -33,17 +34,17 @@ my $tempdir = TestLib::tempdir; my $common_connstr; -sub run_test_psql { - my $connstr = $_[0]; +sub run_test_psql +{ + my $connstr = $_[0]; my $logstring = $_[1]; - my $cmd = [ 'psql', - '-A', '-t', - '-c', "SELECT 'connected with $connstr'", - '-d', "$connstr" - ]; + my $cmd = [ + 'psql', '-A', '-t', '-c', "SELECT 'connected with $connstr'", + '-d', "$connstr" ]; - open CLIENTLOG, ">>$tempdir/client-log" or die "Could not open client-log file"; + open CLIENTLOG, ">>$tempdir/client-log" + or die "Could not open client-log file"; print CLIENTLOG "\n# Running test: $connstr $logstring\n"; close CLIENTLOG; @@ -57,14 +58,17 @@ sub run_test_psql { # which also contains a libpq connection string. # # The second argument is a hostname to connect to. -sub test_connect_ok { +sub test_connect_ok +{ my $connstr = $_[0]; - my $result = run_test_psql("$common_connstr $connstr", "(should succeed)"); + my $result = + run_test_psql("$common_connstr $connstr", "(should succeed)"); ok($result, $connstr); } -sub test_connect_fails { +sub test_connect_fails +{ my $connstr = $_[0]; my $result = run_test_psql("$common_connstr $connstr", "(should fail)"); @@ -91,7 +95,8 @@ switch_server_cert($tempdir, 'server-cn-only'); diag "running client tests..."; -$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; +$common_connstr = +"user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; # The server should not accept non-SSL connections diag "test that the server doesn't accept non-SSL connections"; 
@@ -100,7 +105,7 @@ test_connect_fails("sslmode=disable");
 # Try without a root cert. In sslmode=require, this should work. In verify-ca
 # or verify-full mode it should fail
 diag "connect without server root cert";
-test_connect_ok ("sslrootcert=invalid sslmode=require");
+test_connect_ok("sslrootcert=invalid sslmode=require");
 test_connect_fails("sslrootcert=invalid sslmode=verify-ca");
 test_connect_fails("sslrootcert=invalid sslmode=verify-full");
@@ -118,42 +123,50 @@ test_connect_fails("sslrootcert=ssl/server_ca.crt sslmode=verify-ca"); # And finally, with the correct root cert. diag "connect with correct server CA cert file"; -test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=require"); -test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca"); -test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-full"); +test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=require"); +test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca"); +test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=verify-full"); # Test with cert root file that contains two certificates. The client should # be able to pick the right one, regardless of the order in the file. -test_connect_ok ("sslrootcert=ssl/both-cas-1.crt sslmode=verify-ca"); -test_connect_ok ("sslrootcert=ssl/both-cas-2.crt sslmode=verify-ca"); +test_connect_ok("sslrootcert=ssl/both-cas-1.crt sslmode=verify-ca"); +test_connect_ok("sslrootcert=ssl/both-cas-2.crt sslmode=verify-ca"); diag "testing sslcrl option with a non-revoked cert"; # Invalid CRL filename is the same as no CRL, succeeds -test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=invalid"); +test_connect_ok( + "sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=invalid"); + # A CRL belonging to a different CA is not accepted, fails -test_connect_fails("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/client.crl"); +test_connect_fails( +"sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/client.crl"); + # With the correct CRL, succeeds (this cert is not revoked) -test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/root+server.crl"); +test_connect_ok( +"sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/root+server.crl" +); # Check that connecting with verify-full fails, when the hostname doesn't # match the hostname in the server's 
certificate. diag "test mismatch between hostname and server certificate"; -$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; +$common_connstr = +"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; -test_connect_ok ("sslmode=require host=wronghost.test"); -test_connect_ok ("sslmode=verify-ca host=wronghost.test"); +test_connect_ok("sslmode=require host=wronghost.test"); +test_connect_ok("sslmode=verify-ca host=wronghost.test"); test_connect_fails("sslmode=verify-full host=wronghost.test"); # Test Subject Alternative Names. switch_server_cert($tempdir, 'server-multiple-alt-names'); diag "test hostname matching with X509 Subject Alternative Names"; -$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; +$common_connstr = +"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; -test_connect_ok ("host=dns1.alt-name.pg-ssltest.test"); -test_connect_ok ("host=dns2.alt-name.pg-ssltest.test"); -test_connect_ok ("host=foo.wildcard.pg-ssltest.test"); +test_connect_ok("host=dns1.alt-name.pg-ssltest.test"); +test_connect_ok("host=dns2.alt-name.pg-ssltest.test"); +test_connect_ok("host=foo.wildcard.pg-ssltest.test"); test_connect_fails("host=wronghost.alt-name.pg-ssltest.test"); test_connect_fails("host=deep.subdomain.wildcard.pg-ssltest.test"); 
@@ -163,9 +176,10 @@ test_connect_fails("host=deep.subdomain.wildcard.pg-ssltest.test");
 switch_server_cert($tempdir, 'server-single-alt-name');
 diag "test hostname matching with a single X509 Subject Alternative Name";
-$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
+$common_connstr =
+"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full";
-test_connect_ok ("host=single.alt-name.pg-ssltest.test");
+test_connect_ok("host=single.alt-name.pg-ssltest.test");
 test_connect_fails("host=wronghost.alt-name.pg-ssltest.test");
 test_connect_fails("host=deep.subdomain.wildcard.pg-ssltest.test");
@@ -175,48 +189,58 @@ test_connect_fails("host=deep.subdomain.wildcard.pg-ssltest.test"); switch_server_cert($tempdir, 'server-cn-and-alt-names'); diag "test certificate with both a CN and SANs"; -$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; +$common_connstr = +"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; -test_connect_ok ("host=dns1.alt-name.pg-ssltest.test"); -test_connect_ok ("host=dns2.alt-name.pg-ssltest.test"); +test_connect_ok("host=dns1.alt-name.pg-ssltest.test"); +test_connect_ok("host=dns2.alt-name.pg-ssltest.test"); test_connect_fails("host=common-name.pg-ssltest.test"); # Finally, test a server certificate that has no CN or SANs. Of course, that's # not a very sensible certificate, but libpq should handle it gracefully. switch_server_cert($tempdir, 'server-no-names'); -$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; +$common_connstr = +"user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; -test_connect_ok ("sslmode=verify-ca host=common-name.pg-ssltest.test"); +test_connect_ok("sslmode=verify-ca host=common-name.pg-ssltest.test"); test_connect_fails("sslmode=verify-full host=common-name.pg-ssltest.test"); # Test that the CRL works diag "Testing client-side CRL"; switch_server_cert($tempdir, 'server-revoked'); -$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; +$common_connstr = +"user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; # Without the CRL, succeeds. With it, fails. 
-test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca"); -test_connect_fails("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/root+server.crl"); +test_connect_ok("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca"); +test_connect_fails( +"sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/root+server.crl" +); ### Part 2. Server-side tests. ### ### Test certificate authorization. diag "Testing certificate authorization..."; -$common_connstr="sslrootcert=ssl/root+server_ca.crt sslmode=require dbname=certdb hostaddr=$SERVERHOSTADDR"; +$common_connstr = +"sslrootcert=ssl/root+server_ca.crt sslmode=require dbname=certdb hostaddr=$SERVERHOSTADDR"; # no client cert test_connect_fails("user=ssltestuser sslcert=invalid"); # correct client cert -test_connect_ok ("user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); +test_connect_ok( + "user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); # client cert belonging to another user -test_connect_fails("user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); +test_connect_fails( + "user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); # revoked client cert -test_connect_fails("user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked.key"); +test_connect_fails( +"user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked.key" +); # All done! Save the log, before the temporary installation is deleted |
