Use existing SSL certs in LDAP tests instead of generating them
authorAndrew Dunstan <andrew@dunslane.net>
Mon, 19 Dec 2022 10:58:08 +0000 (05:58 -0500)
committerAndrew Dunstan <andrew@dunslane.net>
Tue, 20 Dec 2022 15:02:49 +0000 (10:02 -0500)
The SSL test suite has a bunch of pre-existing certificates, so it's
better simply to use what we already have than generate new certificates
each time the LDAP tests are run.

Discussion: https://postgr.es/m/bc305c7a-f390-44f2-2e82-9bcaec6108da@dunslane.net

src/test/ldap/Makefile
src/test/ldap/meson.build
src/test/ldap/t/001_auth.pl
src/test/ssl/README

index b1e4a7be677c58bfc4a66fd4a6c6d7b3aed9eb5b..e5fa3d86104c8092604de685860f411573664075 100644 (file)
@@ -14,7 +14,6 @@ top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
 export with_ldap
-export OPENSSL
 
 check:
    $(prove_check)
index 6088d63bae87b6cb6bde1dd78cb31c245449504e..90d88138e7bbdad9a59a98f6b8d2ff0c84b652c2 100644 (file)
@@ -10,7 +10,6 @@ tests += {
     ],
     'env': {
       'with_ldap': ldap.found() ? 'yes' : 'no',
-      'OPENSSL': openssl.path(),
     },
   },
 }
index fd90832b755a7dadc3f9c0774a297f0bde241277..0ea274c383ec5dc2755633b08b2c5058b36133a5 100644 (file)
@@ -3,6 +3,7 @@
 
 use strict;
 use warnings;
+use File::Copy;
 use PostgreSQL::Test::Utils;
 use PostgreSQL::Test::Cluster;
 use Test::More;
@@ -113,17 +114,13 @@ append_to_file(
 mkdir $ldap_datadir or die;
 mkdir $slapd_certs  or die;
 
-my $openssl = $ENV{OPENSSL};
-
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
-  "$slapd_certs/ca.key", "-x509", "-out", "$slapd_certs/ca.crt", "-subj",
-  "/CN=CA";
-system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
-  "$slapd_certs/server.key", "-out", "$slapd_certs/server.csr", "-subj",
-  "/CN=server";
-system_or_bail $openssl, "x509", "-req", "-in", "$slapd_certs/server.csr",
-  "-CA", "$slapd_certs/ca.crt", "-CAkey", "$slapd_certs/ca.key",
-  "-CAcreateserial", "-out", "$slapd_certs/server.crt";
+# use existing certs from nearby SSL test suite
+copy "../ssl/ssl/server_ca.crt", "$slapd_certs/ca.crt"
+  || die "copying ca.crt: $!";
+copy "../ssl/ssl/server-cn-only.crt", "$slapd_certs/server.crt"
+  || die "copying server.crt: $!";;
+copy "../ssl/ssl/server-cn-only.key", "$slapd_certs/server.key"
+  || die "copying server.key: $!";;
 
 system_or_bail $slapd, '-f', $slapd_conf, '-h', "$ldap_url $ldaps_url";
 
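Review bot: The three new `copy` calls can never reach their `die`, because `||` binds tighter than the list-operator call and so applies to the destination string, which is always true; a failed copy is silently ignored. slapd would then be started without the expected CA certificate, server certificate or key, and the problem would only surface later as a TLS failure in the LDAPS tests rather than at the copy. Use the low-precedence operator, e.g. `copy "../ssl/ssl/server_ca.crt", "$slapd_certs/ca.crt" or die "copying ca.crt: $!";`, do the same for server.crt and server.key, and drop the doubled `;;` on the last two statements. The relative `../ssl/ssl/` source path also assumes the test runs with src/test/ldap as its working directory; whether that holds for out-of-tree builds cannot be seen from this hunk and is worth confirming.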
index 7e6070065204527b8dccee9dcedf1191e552438a..287b512dc2a697092ce643fe527c80cf90dc7350 100644 (file)
@@ -93,6 +93,11 @@ recreate them if you need to make changes. "make sslfiles-clean" is required
 in order to recreate the full set of keypairs and certificates. To rebuild
 separate files, touch (or remove) the files in question and run "make sslfiles".
 
+Note
+====
+
+These certificates are also used in other tests, e.g. the LDAP tests.
+
 TODO
 ====