projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3e310d8) | patch
Refactor the sslfiles Makefile target for ease of use
authorDaniel Gustafsson <dgustafsson@postgresql.org>
Tue, 19 Oct 2021 18:11:42 +0000 (20:11 +0200)
committerDaniel Gustafsson <dgustafsson@postgresql.org>
Tue, 19 Oct 2021 18:11:42 +0000 (20:11 +0200)
commitb4c4a00eada3c512e819e9163114a5ad1606bc7e
treee9b916270e6d2c0134711c7f6ef6c93f52fe08bftree
parent3e310d837a9b3de8ad977c0a3e2a769bcdf61cc9commit | diff
Refactor the sslfiles Makefile target for ease of use

The Makefile handling of certificate and keypairs used for TLS testing
had become quite difficult to work with. Adding a new cert without the
need to regenerate everything was too complicated. This patch refactors
the sslfiles make target such that adding a new certificate requires
only adding a .config file, adding it to the top of the Makefile, and
running make sslfiles.

Improvements:
- Interfile dependencies should be fixed, with the exception of the CRL
  dirs.
- New certificates have serial numbers based on the current time,
  reducing the chance of collision.
- The CA index state is created on demand and cleaned up automatically
  at the end of the Make run.
- *.config files are now self-contained; one certificate needs one
  config file instead of two.
- Duplication is reduced, and along with it some unneeded code (and
  possible copy-paste errors).
- all configuration files underneath the conf/ directory.

The target is moved to its own makefile in order to avoid colliding
with global make settings.

Author: Jacob Champion <pchampion@vmware.com>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/d15a9838344ba090e09fd866abf913584ea19fb7.camel@vmware.com
45 files changed:
src/test/ssl/Makefile diff | blob | blame | history
src/test/ssl/README diff | blob | blame | history
src/test/ssl/conf/cas.config [moved from src/test/ssl/cas.config with 93% similarity] diff | blob | blame | history
src/test/ssl/conf/client-dn.config [moved from src/test/ssl/client-dn.config with 97% similarity] diff | blob | blame | history
src/test/ssl/conf/client-revoked.config [new file with mode: 0644] blob
src/test/ssl/conf/client.config [moved from src/test/ssl/client.config with 96% similarity] diff | blob | blame | history
src/test/ssl/conf/client_ca.config [moved from src/test/ssl/client_ca.config with 81% similarity] diff | blob | blame | history
src/test/ssl/conf/root_ca.config [moved from src/test/ssl/root_ca.config with 92% similarity] diff | blob | blame | history
src/test/ssl/conf/server-cn-and-alt-names.config [moved from src/test/ssl/server-cn-and-alt-names.config with 100% similarity] blob | blame | history
src/test/ssl/conf/server-cn-only.config [moved from src/test/ssl/server-cn-only.config with 85% similarity] diff | blob | blame | history
src/test/ssl/conf/server-multiple-alt-names.config [moved from src/test/ssl/server-multiple-alt-names.config with 100% similarity] blob | blame | history
src/test/ssl/conf/server-no-names.config [moved from src/test/ssl/server-no-names.config with 85% similarity] diff | blob | blame | history
src/test/ssl/conf/server-revoked.config [moved from src/test/ssl/server-revoked.config with 88% similarity] diff | blob | blame | history
src/test/ssl/conf/server-single-alt-name.config [moved from src/test/ssl/server-single-alt-name.config with 100% similarity] blob | blame | history
src/test/ssl/conf/server_ca.config [moved from src/test/ssl/server_ca.config with 81% similarity] diff | blob | blame | history
src/test/ssl/ssl/both-cas-1.crt diff | blob | blame | history
src/test/ssl/ssl/both-cas-2.crt diff | blob | blame | history
src/test/ssl/ssl/client+client_ca.crt diff | blob | blame | history
src/test/ssl/ssl/client-crldir/9bb9e3c3.r0 diff | blob | blame | history
src/test/ssl/ssl/client-dn.crt diff | blob | blame | history
src/test/ssl/ssl/client-revoked.crt diff | blob | blame | history
src/test/ssl/ssl/client.crl diff | blob | blame | history
src/test/ssl/ssl/client.crt diff | blob | blame | history
src/test/ssl/ssl/client_ca.crt diff | blob | blame | history
src/test/ssl/ssl/root+client-crldir/9bb9e3c3.r0 diff | blob | blame | history
src/test/ssl/ssl/root+client-crldir/a3d11bff.r0 diff | blob | blame | history
src/test/ssl/ssl/root+client.crl diff | blob | blame | history
src/test/ssl/ssl/root+client_ca.crt diff | blob | blame | history
src/test/ssl/ssl/root+server-crldir/a3d11bff.r0 diff | blob | blame | history
src/test/ssl/ssl/root+server-crldir/a836cc2d.r0 diff | blob | blame | history
src/test/ssl/ssl/root+server.crl diff | blob | blame | history
src/test/ssl/ssl/root+server_ca.crt diff | blob | blame | history
src/test/ssl/ssl/root.crl diff | blob | blame | history
src/test/ssl/ssl/root_ca.crt diff | blob | blame | history
src/test/ssl/ssl/server-cn-and-alt-names.crt diff | blob | blame | history
src/test/ssl/ssl/server-cn-only.crt diff | blob | blame | history
src/test/ssl/ssl/server-crldir/a836cc2d.r0 diff | blob | blame | history
src/test/ssl/ssl/server-multiple-alt-names.crt diff | blob | blame | history
src/test/ssl/ssl/server-no-names.crt diff | blob | blame | history
src/test/ssl/ssl/server-revoked.crt diff | blob | blame | history
src/test/ssl/ssl/server-single-alt-name.crt diff | blob | blame | history
src/test/ssl/ssl/server.crl diff | blob | blame | history
src/test/ssl/ssl/server_ca.crt diff | blob | blame | history
src/test/ssl/sslfiles.mk [new file with mode: 0644] blob
src/test/ssl/t/001_ssltests.pl diff | blob | blame | history
This is the main PostgreSQL git repository.