pgsql: Refactor the sslfiles Makefile target for ease of use - Mailing list pgsql-committers
| From | Daniel Gustafsson |
|---|---|
| Subject | pgsql: Refactor the sslfiles Makefile target for ease of use |
| Date | |
| Msg-id | E1mctg6-0002lC-7l@gemulon.postgresql.org Whole thread Raw |
| Responses |
Re: pgsql: Refactor the sslfiles Makefile target for ease of use
Re: pgsql: Refactor the sslfiles Makefile target for ease of use |
| List | pgsql-committers |
Refactor the sslfiles Makefile target for ease of use The Makefile handling of certificate and keypairs used for TLS testing had become quite difficult to work with. Adding a new cert without the need to regenerate everything was too complicated. This patch refactors the sslfiles make target such that adding a new certificate requires only adding a .config file, adding it to the top of the Makefile, and running make sslfiles. Improvements: - Interfile dependencies should be fixed, with the exception of the CRL dirs. - New certificates have serial numbers based on the current time, reducing the chance of collision. - The CA index state is created on demand and cleaned up automatically at the end of the Make run. - *.config files are now self-contained; one certificate needs one config file instead of two. - Duplication is reduced, and along with it some unneeded code (and possible copy-paste errors). - all configuration files underneath the conf/ directory. The target is moved to its own makefile in order to avoid colliding with global make settings. Author: Jacob Champion <pchampion@vmware.com> Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://postgr.es/m/d15a9838344ba090e09fd866abf913584ea19fb7.camel@vmware.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/b4c4a00eada3c512e819e9163114a5ad1606bc7e Modified Files -------------- src/test/ssl/Makefile | 167 +------------- src/test/ssl/README | 4 +- src/test/ssl/{ => conf}/cas.config | 10 +- src/test/ssl/{ => conf}/client-dn.config | 1 - src/test/ssl/conf/client-revoked.config | 13 ++ src/test/ssl/{ => conf}/client.config | 1 - src/test/ssl/{ => conf}/client_ca.config | 5 + src/test/ssl/{ => conf}/root_ca.config | 1 + .../ssl/{ => conf}/server-cn-and-alt-names.config | 0 src/test/ssl/{ => conf}/server-cn-only.config | 3 +- .../{ => conf}/server-multiple-alt-names.config | 0 src/test/ssl/{ => conf}/server-no-names.config | 5 +- src/test/ssl/{ => conf}/server-revoked.config | 3 +- .../ssl/{ => conf}/server-single-alt-name.config | 0 src/test/ssl/{ => conf}/server_ca.config | 5 + src/test/ssl/ssl/both-cas-1.crt | 86 ++++---- src/test/ssl/ssl/both-cas-2.crt | 86 ++++---- src/test/ssl/ssl/client+client_ca.crt | 65 +++--- src/test/ssl/ssl/client-crldir/9bb9e3c3.r0 | 18 +- src/test/ssl/ssl/client-dn.crt | 34 +-- src/test/ssl/ssl/client-revoked.crt | 31 +-- src/test/ssl/ssl/client.crl | 18 +- src/test/ssl/ssl/client.crt | 31 +-- src/test/ssl/ssl/client_ca.crt | 34 +-- src/test/ssl/ssl/root+client-crldir/9bb9e3c3.r0 | 18 +- src/test/ssl/ssl/root+client-crldir/a3d11bff.r0 | 16 +- src/test/ssl/ssl/root+client.crl | 34 +-- src/test/ssl/ssl/root+client_ca.crt | 52 ++--- src/test/ssl/ssl/root+server-crldir/a3d11bff.r0 | 16 +- src/test/ssl/ssl/root+server-crldir/a836cc2d.r0 | 18 +- src/test/ssl/ssl/root+server.crl | 34 +-- src/test/ssl/ssl/root+server_ca.crt | 52 ++--- src/test/ssl/ssl/root.crl | 16 +- src/test/ssl/ssl/root_ca.crt | 18 +- src/test/ssl/ssl/server-cn-and-alt-names.crt | 36 +-- src/test/ssl/ssl/server-cn-only.crt | 33 +-- src/test/ssl/ssl/server-crldir/a836cc2d.r0 | 18 +- src/test/ssl/ssl/server-multiple-alt-names.crt | 36 +-- src/test/ssl/ssl/server-no-names.crt | 32 +-- src/test/ssl/ssl/server-revoked.crt | 33 +-- src/test/ssl/ssl/server-single-alt-name.crt | 34 +-- src/test/ssl/ssl/server.crl | 18 +- src/test/ssl/ssl/server_ca.crt | 34 +-- src/test/ssl/sslfiles.mk | 244 +++++++++++++++++++++ src/test/ssl/t/001_ssltests.pl | 17 +- 45 files changed, 778 insertions(+), 652 deletions(-)
pgsql-committers by date: