Changeset be2ad50 in mod_gnutls


Timestamp:
Sep 25, 2020, 4:19:27 PM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio
Children:
f363569
Parents:
cbc3477
Message:

Create untrusted, but otherwise good certificate for validation test

The previous "imposter" certificate would've already failed the
hostname check. It's still used in SNI tests, to be replaced with a
better fitting certificate later.

Location:
test
Files:
1 added
3 edited

  • test/Makefile.am

    rcbc3477 rbe2ad50  
    8383x509_only_identities = authority/server authority/imposter \
    8484        authority/subca authority/subca/server \
    85         rogueca rogueca/rogueclient
     85        rogueca rogueca/imposter rogueca/rogueclient
    8686if ENABLE_OCSP_TEST
    8787x509_only_identities += authority/ocsp-responder authority/subca/ocsp-responder
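Review bot: On new line 85, rogueca/imposter shares its leaf name with authority/imposter two lines above, although per the commit message the new certificate is good apart from its untrusted issuer while the old one already fails the hostname check. Consider a name that says what is wrong with it (the issuer, not the identity), or a short comment above x509_only_identities stating what each of the two "imposter" identities is for, so a later test does not pick the wrong one.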
     
    127127        authority/subca/template.in authority/subca/server/template.in \
    128128        authority/subca/ocsp-responder/template \
    129         rogueca/template rogueca/rogueclient/template.in
     129        rogueca/template rogueca/imposter/template.in \
     130        rogueca/rogueclient/template.in
    130131generated_templates = authority/template authority/client/template \
    131         authority/imposter/template rogueca/rogueclient/template \
    132         authority/server/template
     132        authority/imposter/template authority/server/template \
     133        rogueca/imposter/template rogueca/rogueclient/template
    133134
    134135# Delete X.509 private keys on full clean. Note that unless you need
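Review bot: In generated_templates (new lines 131 to 133), authority/server/template is moved up next to authority/imposter/template in the same edit that adds rogueca/imposter/template, so the one functional addition is buried in a reorder. If sorted order is the intent, say so in the commit message or split the reorder out. A new identity now has to be added by hand to this list, to the template.in list above it, and to x509_only_identities, which is easy to get out of sync.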
  • test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf

    rcbc3477 rbe2ad50  
    66 ServerName ${BACKEND_HOST}
    77 GnuTLSEnable On
    8  GnuTLSCertificateFile  authority/imposter/x509.pem
    9  GnuTLSKeyFile          authority/imposter/secret.key
     8 GnuTLSCertificateFile  rogueca/imposter/x509.pem
     9 GnuTLSKeyFile          rogueca/imposter/secret.key
    1010</VirtualHost>
  • test/tests/21_TLS_reverse_proxy_wrong_cert/test.yaml

    rcbc3477 rbe2ad50  
    1818  description: >-
    1919    Check if the proxy itself works correctly and presents the
    20     expected bad certificate
     20    expected untrusted certificate
    2121  host: '${BACKEND_HOST}'
    2222  port: '${BACKEND_PORT}'
    2323  gnutls_params:
    24     - x509cafile=authority/x509.pem
    25     - verify-hostname=imposter.example
     24    - x509cafile=rogueca/x509.pem
    2625  actions:
    2726    - !request
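Review bot: Removing verify-hostname=imposter.example from gnutls_params without a replacement means this direct connection now validates only the chain against rogueca/x509.pem and no longer checks the hostname in the backend certificate. Since the point of the new certificate is that it is good apart from its issuer, add a verify-hostname entry for the name the backend certificate is issued to, so that a rejection in the rest of the test can be attributed to the untrusted CA alone. The description could also read "certificate from an untrusted CA", because in this step the CA is explicitly trusted through x509cafile.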