Centralize ssl tests' check for whether we're using LibreSSL.
authorTom Lane <[email protected]>
Fri, 9 May 2025 15:50:33 +0000 (11:50 -0400)
committerTom Lane <[email protected]>
Fri, 9 May 2025 15:50:33 +0000 (11:50 -0400)
Right now there's only one caller, so that this is merely
an exercise in shoving code from one module to another,
but there will shortly be another one.  It seems better to
avoid having two copies of this highly-subject-to-change test.

Back-patch to v15, where we first introduced some tests that
don't work with LibreSSL.

Reported-by: Thomas Munro <[email protected]>
Author: Tom Lane <[email protected]>
Reviewed-by: Daniel Gustafsson <[email protected]>
Discussion: https://postgr.es/m/CA+hUKG+fLqyweHqFSBcErueUVT0vDuSNWui-ySz3+d_APmq7dw@mail.gmail.com
Backpatch-through: 15

src/test/ssl/t/001_ssltests.pl
src/test/ssl/t/SSL/Backend/OpenSSL.pm
src/test/ssl/t/SSL/Server.pm

index b8773270235aecf6e26de206daa85954aefac4b4..02353120f6b5b995487365c71ecea1f755d26143 100644 (file)
@@ -35,10 +35,8 @@ sub switch_server_cert
    $ssl_server->switch_server_cert(@_);
 }
 
-# Determine whether this build uses OpenSSL or LibreSSL. As a heuristic, the
-# HAVE_SSL_CTX_SET_CERT_CB macro isn't defined for LibreSSL. (Nor for OpenSSL
-# 1.0.1, but that's old enough that accommodating it isn't worth the cost.)
-my $libressl = not check_pg_config("#define HAVE_SSL_CTX_SET_CERT_CB 1");
+# Determine whether this build uses OpenSSL or LibreSSL.
+my $libressl = $ssl_server->is_libressl;
 
 #### Some configuration
 
index 410b4b1a3f5a8d8fe51d5f36814e061daff436f4..f28125d2b6e69d584cd76934e4562f87b3820602 100644 (file)
@@ -26,6 +26,7 @@ package SSL::Backend::OpenSSL;
 
 use strict;
 use warnings FATAL => 'all';
+use PostgreSQL::Test::Utils;
 use File::Basename;
 use File::Copy;
 
@@ -205,6 +206,25 @@ sub get_library
    return $self->{_library};
 }
 
+=pod
+
+=item $backend->library_is_libressl()
+
+Detect whether the SSL library is LibreSSL.
+
+=cut
+
+sub library_is_libressl
+{
+   my ($self) = @_;
+
+   # The HAVE_SSL_CTX_SET_CERT_CB macro isn't defined for LibreSSL.
+   # (Nor for OpenSSL 1.0.1, but that's old enough that accommodating it
+   # isn't worth the cost.)
+   # We may eventually need a less-bogus heuristic.
+   return not check_pg_config("#define HAVE_SSL_CTX_SET_CERT_CB 1");
+}
+
 # Internal method for copying a set of files, taking into account wildcards
 sub _copy_files
 {
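Review bot: The POD for `library_is_libressl` promises detection, but the body is a build-configuration heuristic that, per its own comment, also returns true for OpenSSL 1.0.1. The result presumably gates the tests the commit message says do not work with LibreSSL, so a false positive would quietly drop TLS test coverage, and only someone reading the body would learn why. I would carry the caveat into the POD, for example `Heuristic: true whenever pg_config.h lacks HAVE_SSL_CTX_SET_CERT_CB, which is also the case for OpenSSL 1.0.1.` The replacement comment in the 001_ssltests.pl hunk drops the same caveat and could point readers to this method.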
index 021eec74abff0c7b263f3b03a7d85fc00d1b1ca6..88bf9ab63172a6dadf8cf6f7c10309a798828a4c 100644 (file)
@@ -243,6 +243,23 @@ sub ssl_library
 
 =pod
 
+=item $server->is_libressl()
+
+Detect whether the currently used SSL backend is LibreSSL.
+(Ideally we'd not need this hack, but presently we do.)
+
+=cut
+
+sub is_libressl
+{
+   my $self = shift;
+   my $backend = $self->{backend};
+
+   return $backend->library_is_libressl();
+}
+
+=pod
+
 =item switch_server_cert(params)
 
 Change the configuration to use the given set of certificate, key, ca and
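Review bot: `is_libressl` forwards to `$backend->library_is_libressl()` unconditionally, so any backend class used by SSL::Server must now provide that method, or the call dies as soon as 001_ssltests.pl computes `$libressl`. Only the OpenSSL backend is visible in this commit, so this may not matter today. The POD could still state the contract, for example `Requires the backend to implement library_is_libressl().` That would give a future backend author a documented requirement instead of a runtime method-lookup failure.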