Daniel Gustafsson <daniel@yesql.se> writes:
> Agreed. The attached v3 covers the issuer and extension function to at least
> some degree. In order to reliably test the extension I added a new cert with a
> CA extension.
I have two remaining trivial nitpicks, for which I attach an 0004
delta patch: the README change was fat-fingered slightly, and some
of the commentary about the key file seems now obsolete.
Otherwise I think it's good to go, so I marked it RFC.
regards, tom lane
diff --git a/src/test/ssl/README b/src/test/ssl/README
index ca30f9329a..7e60700652 100644
--- a/src/test/ssl/README
+++ b/src/test/ssl/README
@@ -12,14 +12,12 @@ TCP connections on localhost. Any user on the same host is able to
log in to the test server while the tests are running. Do not run this
suite on a multi-user system where you don't trust all local users!
-NOTE: You must have given the --enable-tap-tests argument to configure.
-Also, to use "make installcheck", you must have built and installed
-contrib/sslinfo in addition to the core code.
-
Running the tests
=================
NOTE: You must have given the --enable-tap-tests argument to configure.
+Also, to use "make installcheck", you must have built and installed
+contrib/sslinfo in addition to the core code.
Run
make check
diff --git a/src/test/ssl/t/003_sslinfo.pl b/src/test/ssl/t/003_sslinfo.pl
index 61b117e6c2..cf2e8dde0f 100644
--- a/src/test/ssl/t/003_sslinfo.pl
+++ b/src/test/ssl/t/003_sslinfo.pl
@@ -37,9 +37,6 @@ my $common_connstr;
# The client's private key must not be world-readable, so take a copy
# of the key stored in the code tree and update its permissions.
-#
-# This changes ssl/client.key to ssl/client_tmp.key etc for the rest
-# of the tests.
my $client_tmp_key = "${PostgreSQL::Test::Utils::tmp_check}/client_ext.key";
copy("ssl/client_ext.key", $client_tmp_key)
or die "couldn't copy ssl/client_ext.key to $client_tmp_key for permissions change: $!";