From faf6645fe728f7bbfa8355bfe0cd7d772e7dc710 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sun, 25 Dec 2016 22:31:13 -0500
Subject: [PATCH] Add a user that must use ssl for tests

---
 .travis/pg_hba.conf        |  5 +++++
 .travis/setup.sql          |  1 +
 postgres-tokio/src/test.rs | 16 +++++++++++++++-
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/.travis/pg_hba.conf b/.travis/pg_hba.conf
index 7fd94263..621227dc 100644
--- a/.travis/pg_hba.conf
+++ b/.travis/pg_hba.conf
@@ -4,6 +4,11 @@ host    all             md5_user        127.0.0.1/32            md5
 host    all             pass_user       ::1/128                 password
 host    all             md5_user        ::1/128                 md5
 
+hostssl all             ssl_user        127.0.0.1/32            trust
+hostssl all             ssl_user        ::1/128                 trust
+host    all             ssl_user        127.0.0.1/32            reject
+host    all             ssl_user        ::1/128                 reject
+
 # IPv4 local connections:
 host    all             postgres        127.0.0.1/32            trust
 # IPv6 local connections:
diff --git a/.travis/setup.sql b/.travis/setup.sql
index 5a89b302..731f52dd 100644
--- a/.travis/setup.sql
+++ b/.travis/setup.sql
@@ -1,4 +1,5 @@
 CREATE ROLE pass_user PASSWORD 'password' LOGIN;
 CREATE ROLE md5_user PASSWORD 'password' LOGIN;
+CREATE ROLE ssl_user LOGIN;
 CREATE EXTENSION hstore;
 CREATE EXTENSION citext;
diff --git a/postgres-tokio/src/test.rs b/postgres-tokio/src/test.rs
index bc7ca92d..e7220ed8 100644
--- a/postgres-tokio/src/test.rs
+++ b/postgres-tokio/src/test.rs
@@ -199,6 +199,20 @@ fn unix_socket() {
     l.run(done).unwrap();
 }
 
+#[test]
+fn ssl_user_ssl_required() {
+    let mut l = Core::new().unwrap();
+    let handle = l.handle();
+
+    let done = Connection::connect("postgres://ssl_user@localhost/postgres", TlsMode::None, &handle);
+
+    match l.run(done) {
+        Err(ConnectError::Db(e)) => assert!(e.code == SqlState::InvalidAuthorizationSpecification),
+        Err(e) => panic!("unexpected error {}", e),
+        Ok(_) => panic!("unexpected success"),
+    }
+}
+
 #[cfg(feature = "with-openssl")]
 #[test]
 fn openssl_required() {
@@ -210,7 +224,7 @@ fn openssl_required() {
     let negotiator = OpenSsl::from(builder.build());
 
     let mut l = Core::new().unwrap();
-    let done = Connection::connect("postgres://postgres@localhost",
+    let done = Connection::connect("postgres://ssl_user@localhost/postgres",
                                    TlsMode::Require(Box::new(negotiator)),
                                    &l.handle())
         .then(|c| c.unwrap().prepare("SELECT 1"))