external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
citus/src/test/regress/expected/ssl_by_default.out

68 lines
2.7 KiB
Plaintext
Raw Blame History

-- Citus uses ssl by default now. It does so by turning on ssl and if needed will generate
-- self-signed certificates.
-- To test this we will verify that SSL is set to ON for all machines, and we will make
-- sure connections to workers use SSL by having it required in citus.conn_nodeinfo and
-- lastly we will inspect the ssl state for connections to the workers
-- ssl can only be enabled by default on installations that are OpenSSL-enabled.
SHOW ssl_ciphers \gset
SELECT :'ssl_ciphers' != 'none' AS hasssl;
hasssl
---------------------------------------------------------------------
t
(1 row)
SHOW ssl;
ssl
---------------------------------------------------------------------
on
(1 row)
SELECT run_command_on_workers($$
SHOW ssl;
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,on)
(localhost,57638,t,on)
(2 rows)
SHOW citus.node_conninfo;
citus.node_conninfo
---------------------------------------------------------------------
sslmode=require
(1 row)
SELECT run_command_on_workers($$
SHOW citus.node_conninfo;
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,sslmode=require)
(localhost,57638,t,sslmode=require)
(2 rows)
SELECT run_command_on_workers($$
SELECT ssl FROM pg_stat_ssl WHERE pid = pg_backend_pid();
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,t)
(localhost,57638,t,t)
(2 rows)
SHOW ssl_ciphers;
ssl_ciphers
---------------------------------------------------------------------
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
(1 row)
SELECT run_command_on_workers($$
SHOW ssl_ciphers;
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384)
(localhost,57638,t,ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384)
(2 rows)
Reference in New Issue View Git Blame Copy Permalink