Context Navigation

← Previous Changeset
Next Changeset →

Changeset be2ad50 in mod_gnutls

Timestamp:

Sep 25, 2020, 4:19:27 PM (14 months ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

asyncio, master

Children:

f363569

Parents:

cbc3477

Message:

Create untrusted, but otherwise good certificate for validation test

The previous "imposter" certificate would've already failed the
hostname check. It's still used in SNI tests, to be replaced with a
better fitting certificate later.

Location:

test

Files:

: 1 added
: 3 edited

Makefile.am (modified) (2 diffs)
rogueca/imposter/template.in (added)
tests/21_TLS_reverse_proxy_wrong_cert/backend.conf (modified) (1 diff)
tests/21_TLS_reverse_proxy_wrong_cert/test.yaml (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

test/Makefile.am

-                      rcbc3477
+                      rbe2ad50
 x509_only_identities = authority/server authority/imposter \
         authority/subca authority/subca/server \
         rogueca rogueca/rogueclient
+        rogueca rogueca/imposter rogueca/rogueclient
 if ENABLE_OCSP_TEST
 x509_only_identities += authority/ocsp-responder authority/subca/ocsp-responder
 …
         authority/subca/template.in authority/subca/server/template.in \
         authority/subca/ocsp-responder/template \
+        rogueca/template rogueca/rogueclient/template.in
+        rogueca/template rogueca/imposter/template.in \
+        rogueca/rogueclient/template.in
 generated_templates = authority/template authority/client/template \
         authority/imposter/template rogueca/rogueclient/template \
         authority/server/template
+        authority/imposter/template authority/server/template \
+        rogueca/imposter/template rogueca/rogueclient/template
 # Delete X.509 private keys on full clean. Note that unless you need

test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf

-                      rcbc3477
+                      rbe2ad50
  ServerName ${BACKEND_HOST}
  GnuTLSEnable On
  GnuTLSCertificateFile  authority/imposter/x509.pem
  GnuTLSKeyFile          authority/imposter/secret.key
+ GnuTLSCertificateFile  rogueca/imposter/x509.pem
+ GnuTLSKeyFile          rogueca/imposter/secret.key
 </VirtualHost>

test/tests/21_TLS_reverse_proxy_wrong_cert/test.yaml

-                      rcbc3477
+                      rbe2ad50
   description: >-
     Check if the proxy itself works correctly and presents the
     expected bad certificate
+    expected untrusted certificate
   host: '${BACKEND_HOST}'
   port: '${BACKEND_PORT}'
   gnutls_params:
+    - x509cafile=authority/x509.pem
+    - verify-hostname=imposter.example
+    - x509cafile=rogueca/x509.pem
   actions:
     - !request

Note: See TracChangeset for help on using the changeset viewer.