Changeset e376ed8 in mod_gnutls for test


Timestamp:
Nov 29, 2019, 4:30:08 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master, proxy-ticket
Children:
618ee14
Parents:
d4c9331 (diff), 556783e (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'subca'

Location:
test
Files:
3 added
5 edited

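--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -58,8 +58,9 @@
 shared_identities = authority authority/client
 pgp_identities = $(shared_identities)
-x509_only_identities = authority/server authority/imposter rogueca \
-        rogueca/rogueclient
-if ENABLE_OCSP_TEST
-x509_only_identities += authority/ocsp-responder
+x509_only_identities = authority/server authority/imposter \
+        authority/subca authority/subca/server \
+        rogueca rogueca/rogueclient
+if ENABLE_OCSP_TEST
+x509_only_identities += authority/ocsp-responder authority/subca/ocsp-responder
 endif
 x509_identities = $(shared_identities) $(x509_only_identities)
@@ -101,4 +102,6 @@
         authority/imposter/template.in authority/ocsp-responder/template \
         authority/server/template.in \
+        authority/subca/template.in authority/subca/server/template.in \
+        authority/subca/ocsp-responder/template \
         rogueca/template rogueca/rogueclient/template.in
 generated_templates = authority/template authority/client/template \
@@ -161,17 +164,26 @@
 if ENABLE_OCSP_TEST
 # rules to build OCSP database
-check_DATA += authority/ocsp_index.txt
-MOSTLYCLEANFILES += authority/ocsp_index.txt authority/ocsp_index.txt.attr
-authority/ocsp_index.txt: $(x509_tokens) gen_ocsp_index authority/ocsp_index.txt.attr
-        ./gen_ocsp_index authority/server/x509.pem authority/client/x509.pem > $@
-
-authority/ocsp_index.txt.attr: authority/secret.key
+ocsp_index_data = authority/ocsp_index.txt authority/ocsp_index.txt.attr \
+        authority/subca/ocsp_index.txt authority/subca/ocsp_index.txt.attr
+check_DATA += $(ocsp_index_data)
+MOSTLYCLEANFILES += $(ocsp_index_data)
+
+# The "find" command builds a list of all certificates directly below
+# the CA that aren't for the ocsp-responder.
+%/ocsp_index.txt: $(x509_tokens) gen_ocsp_index
+        ./gen_ocsp_index $$(find $(*) -mindepth 2 -maxdepth 2 ! -path '*/ocsp-responder/*' -name x509.pem) > $@
+
+%/ocsp_index.txt.attr:
+        @mkdir -m 0700 -p $(dir $@)
         echo "unique_subject = no" > $@
 
-# build certificate chain file for server
-check_DATA += authority/server/x509-chain.pem
-MOSTLYCLEANFILES += authority/server/x509-chain.pem
-%/x509-chain.pem: %/x509.pem authority/x509.pem
-        cat $< authority/x509.pem > $@
+# Build certificate chain files. Note that intermediate tokens must be
+# listed explicitly, or the dependency chain will be broken because
+# the higher level pattern matches, too.
+chain_tokens = authority/server/x509-chain.pem \
+        authority/subca/x509-chain.pem \
+        authority/subca/server/x509-chain.pem
+check_DATA += $(chain_tokens)
+MOSTLYCLEANFILES += $(chain_tokens) authority/x509-chain.pem
 endif
 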
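Review bot: The new `%/ocsp_index.txt` recipe takes its certificate list from whatever `find` sees on disk when it runs, so the index for `authority` now covers every `x509.pem` one level below it, where the removed recipe named only the server and client certificates. A certificate left in the tree by an earlier build would be indexed as well, and what the responder then reports for those entries depends on `gen_ocsp_index`, which is not shown here. The order of `find` output is unspecified, so the generated index is not reproducible between runs; piping the list through `sort` inside the `$$( … )` would fix that. I would also extend the comment above the rule, e.g. `# NOTE: the list comes from the file system, so any x509.pem found one level below the CA is indexed, not just the identities listed above.`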
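--- a/test/ocsp_server.conf.in
+++ b/test/ocsp_server.conf.in
@@ -22,8 +22,15 @@
         RewriteEngine   On
         RewriteRule     ^/ocsp(.*)      /ocsp.cgi$1     [L]
+        # General rules for all OCSP handling
         <Location /ocsp/>
                 # Some clients seem to have trouble with chunked
                 # encoding, so force HTTP/1.0 for now.
                 SetEnv  downgrade-1.0
+                <If "-n osenv('OPENSSL')">
+                        # Pass OPENSSL variable to CGI script if set
+                        SetEnv  OPENSSL         ${OPENSSL}
+                </If>
+        </Location>
+        <Location /ocsp/authority/>
                 # certificates and key for ocsp.cgi
                 SetEnv  CA_CERT         ${PWD}/authority/x509.pem
@@ -31,8 +38,11 @@
                 SetEnv  OCSP_CERT       ${PWD}/authority/ocsp-responder/x509.pem
                 SetEnv  OCSP_KEY        ${PWD}/authority/ocsp-responder/secret.key
-                <If "-n osenv('OPENSSL')">
-                        # Pass OPENSSL variable to CGI script if set
-                        SetEnv  OPENSSL         ${OPENSSL}
-                </If>
+        </Location>
+        <Location /ocsp/authority/subca/>
+                # certificates and key for ocsp.cgi
+                SetEnv  CA_CERT         ${PWD}/authority/subca/x509.pem
+                SetEnv  OCSP_INDEX      ${PWD}/authority/subca/ocsp_index.txt
+                SetEnv  OCSP_CERT       ${PWD}/authority/subca/ocsp-responder/x509.pem
+                SetEnv  OCSP_KEY        ${PWD}/authority/subca/ocsp-responder/secret.key
         </Location>
         <Directory ${srcdir}/data>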
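Review bot: A request under `/ocsp/authority/subca/` also matches the `<Location /ocsp/authority/>` block, so the sub-CA responder gets its own `CA_CERT`, `OCSP_INDEX`, `OCSP_CERT` and `OCSP_KEY` only because Apache merges `<Location>` sections in file order and the later `SetEnv` wins. Nothing in the file states this, and swapping the two blocks would make the sub-CA path answer with the root CA's responder key and index without any configuration error. I would add a comment above the second block, e.g. `# Must stay after <Location /ocsp/authority/>: both sections match sub-CA requests and the later SetEnv values take effect.`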
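--- a/test/test_ca.mk
+++ b/test/test_ca.mk
@@ -10,5 +10,5 @@
         @mkdir -m 0700 -p $(@D)
         sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
-        sed -i -e "s,__OCSP_URI__,$(OCSP_URI_TEMPLATE)," $@
+        sed -i -e "s,__OCSP_URI__,$(OCSP_URI_TEMPLATE)$(dir $(*))," $@
         for i in $(patsubst [%],%,$(TEST_IP)); do \
                 IP_ADDRS="$${IP_ADDRS}\nip_address = $${i}"; \
@@ -58,14 +58,26 @@
 # special rule for root CAs
 root_cert_rule = certtool --outfile $@ --generate-self-signed --load-privkey $(dir $@)secret.key --template $<
+root_chain_rule = cp $< $@
 authority/x509.pem rogueca/x509.pem: %/x509.pem: %/template %/secret.key
         $(root_cert_rule)
+authority/x509-chain.pem rogueca/x509-chain.pem: %/x509-chain.pem: %/x509.pem
+        $(root_chain_rule)
 
 # generic rule for building non-root certificates, with the CA in the
 # parent directory
 cert_rule = certtool --outfile $@ --generate-certificate --load-ca-certificate $(dir $@)../x509.pem --load-ca-privkey $(dir $@)../secret.key --load-privkey $(dir $@)secret.key --template $<
+chain_rule = cat $< $(dir $@)../x509-chain.pem > $@
 
 # certificates signed by the test root CA
 %/x509.pem: %/template %/secret.key authority/secret.key authority/x509.pem
         $(cert_rule)
+%/x509-chain.pem: %/x509.pem authority/x509-chain.pem
+        $(chain_rule)
+
+# certificates signed by the test sub CA
+authority/subca/%/x509.pem: authority/subca/%/template authority/subca/%/secret.key authority/subca/x509.pem
+        $(cert_rule)
+authority/subca/%/x509-chain.pem: authority/subca/%/x509.pem authority/subca/x509-chain.pem
+        $(chain_rule)
 
 # certificates signed by rogue CA (for error cases)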
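Review bot: `authority/subca/server/x509.pem` and its `x509-chain.pem` match both the generic `%/…` rules and the new `authority/subca/%/…` rules, and only the latter declare the sub-CA files that `$(cert_rule)` and `$(chain_rule)` actually read through `$(dir $@)../`. GNU make prefers the shortest stem only from 3.82 on; an older make takes the first matching rule, whose prerequisites name the root CA files instead, so the sub-CA certificate or chain may not exist yet when the recipe runs. `chain_rule` also redirects into `$@` before `cat` can fail, which can leave a truncated chain file behind unless `.DELETE_ON_ERROR` is set somewhere not shown. I would document the requirement above the sub-CA rules, e.g. `# Relies on GNU make >= 3.82 choosing the pattern with the shortest stem over the generic %/ rules above.`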
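--- a/test/tests/00_basic/apache.conf
+++ b/test/tests/00_basic/apache.conf
@@ -6,5 +6,5 @@
  ServerName ${TEST_HOST}
  GnuTLSEnable On
- GnuTLSCertificateFile  authority/server/x509.pem
- GnuTLSKeyFile          authority/server/secret.key
+ GnuTLSCertificateFile  authority/subca/server/x509-chain.pem
+ GnuTLSKeyFile          authority/subca/server/secret.key
 </VirtualHost>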
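Review bot: The basic test now loads `authority/subca/server/x509-chain.pem`, but in `test/Makefile.am` the `chain_tokens` are added to `check_DATA` only inside `if ENABLE_OCSP_TEST`, whereas `authority/server` is listed in `x509_only_identities` outside that conditional. Unless something outside the visible hunks builds the chain file, a build without the OCSP test would start this virtual host with a missing certificate file. Moving `check_DATA += $(chain_tokens)` and the matching `MOSTLYCLEANFILES` line out of the conditional would keep the basic test independent of it.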
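--- a/test/tests/27_OCSP_server/apache.conf
+++ b/test/tests/27_OCSP_server/apache.conf
@@ -12,6 +12,6 @@
         #GnuTLSOCSPStapling     On
         GnuTLSOCSPCacheTimeout  60
-        GnuTLSCertificateFile   authority/server/x509-chain.pem
-        GnuTLSKeyFile           authority/server/secret.key
+        GnuTLSCertificateFile   authority/subca/server/x509-chain.pem
+        GnuTLSKeyFile           authority/subca/server/secret.key
         GnuTLSPriorities        NORMAL
 </VirtualHost>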