citus/src/test/regress/expected/ssl_by_default.out


-- Citus uses ssl by default now. It does so by turning on ssl and if needed will generate
-- self-signed certificates.
--
-- This test verifies:
-- 1) ssl=on on coordinator and workers
-- 2) coordinator->workers connections use SSL (pg_stat_ssl true)
-- 3) ssl_ciphers is non-empty and has a colon-separated rule/list on both coordinator and workers
-- (PG18/OpenSSL may report a rule string like HIGH:MEDIUM:+3DES:!aNULL instead of an expanded list)
-- 0) Is this an OpenSSL-enabled build? (if not, ssl_ciphers is 'none')
-- Keep the "hasssl" signal but don't rely on the literal cipher list value.
-- \gset stores the SHOW result in the psql variable :ssl_ciphers, so the next
-- statement compares the setting as a quoted literal. Only the boolean is
-- printed, which keeps the expected output independent of the cipher string.
SHOW ssl_ciphers \gset
SELECT :'ssl_ciphers' <> 'none' AS hasssl;
hasssl
---------------------------------------------------------------------
t
(1 row)
-- 1) ssl must be on (coordinator + workers)
-- ssl=on means the server offers TLS; on its own it does not reject plaintext
-- clients. Whether the node-to-node connections actually use TLS is checked
-- separately below through citus.node_conninfo and pg_stat_ssl.
SHOW ssl;
ssl
---------------------------------------------------------------------
on
(1 row)
-- run_command_on_workers returns one (host, port, success, result) row per
-- worker; the last field here is that worker's own ssl setting.
SELECT run_command_on_workers($$
SHOW ssl;
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,on)
(localhost,57638,t,on)
(2 rows)
-- 2) connections to workers carry sslmode=require
-- NOTE(review): sslmode=require encrypts the connection but does not validate
-- the server certificate, so this check shows encryption only, not that the
-- connecting node has authenticated its peer. With the self-signed
-- certificates mentioned in the file header there is no CA chain to validate;
-- a deployment that needs protection against an active man-in-the-middle
-- would need sslmode=verify-ca or verify-full plus sslrootcert in
-- citus.node_conninfo, backed by certificates issued from a trusted CA.
SHOW citus.node_conninfo;
citus.node_conninfo
---------------------------------------------------------------------
sslmode=require
(1 row)
-- The same setting is read on each worker, since workers also open
-- connections to other nodes using their own citus.node_conninfo.
SELECT run_command_on_workers($$
SHOW citus.node_conninfo;
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,sslmode=require)
(localhost,57638,t,sslmode=require)
(2 rows)
-- 3) pg_stat_ssl says SSL is active on each worker connection
-- The query runs inside the session that run_command_on_workers opens on each
-- worker, so pg_backend_pid() selects that session's own pg_stat_ssl row.
-- Only the boolean ssl column is asserted; pg_stat_ssl also has version and
-- cipher columns, but the negotiated protocol and cipher are not pinned here.
SELECT run_command_on_workers($$
SELECT ssl FROM pg_stat_ssl WHERE pid = pg_backend_pid();
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,t)
(localhost,57638,t,t)
(2 rows)
-- 4) ssl_ciphers checks (coordinator): non-empty and contains at least one ':'
-- These two booleans are a shape check only: a colon shows that a rule or
-- list string is configured, not which ciphers OpenSSL will actually
-- negotiate or whether weak suites are excluded.
SELECT current_setting('ssl_ciphers') <> '' AS has_ssl_ciphers;
has_ssl_ciphers
---------------------------------------------------------------------
t
(1 row)
SELECT position(':' in current_setting('ssl_ciphers')) > 0 AS has_colon;
has_colon
---------------------------------------------------------------------
t
(1 row)
-- 5) ssl_ciphers checks (workers)
-- Same two shape checks as on the coordinator, run on every worker. The
-- column aliases are not visible in the output because
-- run_command_on_workers returns only the result value.
SELECT run_command_on_workers($$
SELECT current_setting('ssl_ciphers') <> '' AS has_ssl_ciphers
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,t)
(localhost,57638,t,t)
(2 rows)
-- NOTE(review): the alias has_at_least_two_ciphers overstates the check. A
-- colon also appears in a rule string such as HIGH:MEDIUM:+3DES:!aNULL, so the
-- result only means "contains ':'"; the coordinator query names it has_colon.
SELECT run_command_on_workers($$
SELECT position(':' in current_setting('ssl_ciphers')) > 0 AS has_at_least_two_ciphers
$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,t)
(localhost,57638,t,t)
(2 rows)