On 6/1/20 8:03 AM, Daniel Gustafsson wrote: >> On 1 Jun 2020, at 13:58, Andrew Dunstan <andrew.duns...@2ndquadrant.com> >> wrote: >> If you want I can add a rule for it to the Makefile, although who knows >> what commands will actually apply when the certificate runs out? > Being able to easily regenerate the testdata, regardless of expiration status, > has proven very helpful for me when implementing support for new TLS backends. > +1 for adding it to the Makefile. >
OK, here's a patch. cheers andrew -- Andrew Dunstan https://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
diff --git a/src/test/modules/ssl_passphrase_callback/Makefile b/src/test/modules/ssl_passphrase_callback/Makefile index a3b518b50d..f81265c296 100644 --- a/src/test/modules/ssl_passphrase_callback/Makefile +++ b/src/test/modules/ssl_passphrase_callback/Makefile @@ -20,3 +20,21 @@ include $(top_srcdir)/contrib/contrib-global.mk endif SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS)) + +# Targets to generate or remove the ssl certificate and key +# Normally not needed. Don't run these targets in a vpath build, the results +# won't be in the right place if you do. + +# needs to agree with what's in the test script +PASS = FooBaR1 + +.PHONY: ssl-files ssl-files-clean + +ssl-files: + openssl req -new -x509 -days 10000 -nodes -out server.crt \ + -keyout server.ckey -subj "/CN=localhost" + openssl rsa -aes256 -in server.ckey -out server.key -passout pass:$(PASS) + rm server.ckey + +ssl-files-clean: + rm -f server.crt server.key
