Changeset 6dab61d in mod_gnutls

Timestamp:

Jul 15, 2019, 1:02:42 PM (16 months ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

master, proxy-ticket

Children:

fbef621

Parents:

b712429

Message:

Test suite: Move rogueclient ID into rogueca dir, share recipe with good certs

Location:

test

Files:

• Makefile.am (modified) (2 diffs)
• rogueca/rogueclient/template.in (moved) (moved from test/rogueclient/template.in)
• test_ca.mk (modified) (1 diff)
• tests/18_client_verification_wrong_cert/gnutls-cli.args (modified) (1 diff)

test/Makefile.am

@@ -58 +58 @@
 shared_identities = authority authority/client
 pgp_identities = $(shared_identities)
-x509_only_identities = authority/server authority/imposter rogueca rogueclient
+x509_only_identities = authority/server authority/imposter rogueca \
+        rogueca/rogueclient
 if ENABLE_OCSP_TEST
 x509_only_identities += authority/ocsp-responder
@@ -99 +100 @@
 cert_templates = authority/template.in authority/client/template.in \
         authority/imposter/template.in authority/ocsp-responder/template \
-        rogueca/template rogueclient/template.in authority/server/template.in
+        authority/server/template.in \
+        rogueca/template rogueca/rogueclient/template.in
 generated_templates = authority/template authority/client/template \
-        authority/imposter/template rogueclient/template \
+        authority/imposter/template rogueca/rogueclient/template \
         authority/server/template
 

test/test_ca.mk

@@ -56 +56 @@
         GNUPGHOME=authority/ $(GPG_FLOCK) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
 
-# special cases for the authorities' root certs:
+# special rule for root CAs
 root_cert_rule = certtool --outfile $@ --generate-self-signed --load-privkey $(dir $@)secret.key --template $<
 authority/x509.pem rogueca/x509.pem: %/x509.pem: %/template %/secret.key
         $(root_cert_rule)
 
-# normal case: certificates signed by test CA
+# generic rule for building non-root certificates, with the CA in the
+# parent directory
 cert_rule = certtool --outfile $@ --generate-certificate --load-ca-certificate $(dir $@)../x509.pem --load-ca-privkey $(dir $@)../secret.key --load-privkey $(dir $@)secret.key --template $<
 
+# certificates signed by the test root CA
 %/x509.pem: %/template %/secret.key authority/secret.key authority/x509.pem
         $(cert_rule)
 
-# error case: certificates signed by rogue CA
-rogue%/x509.pem: rogue%/template rogue%/secret.key rogueca/x509.pem
-        certtool --outfile $@ --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-privkey $(dir $@)secret.key --template $<
+# certificates signed by rogue CA (for error cases)
+rogueca/%/x509.pem: rogueca/%/template rogueca/%/secret.key rogueca/x509.pem
+        $(cert_rule)
 
 %/softhsm.conf: %/secret.key

test/tests/18_client_verification_wrong_cert/gnutls-cli.args

@@ -1 @@
---x509certfile=rogueclient/x509.pem
---x509keyfile=rogueclient/secret.key
+--x509certfile=rogueca/rogueclient/x509.pem
+--x509keyfile=rogueca/rogueclient/secret.key
 --x509cafile=authority/x509.pem
 --priority=NORMAL