Changeset f828974 in mod_gnutls


Ignore:
Timestamp:
Jul 15, 2019, 3:26:28 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master, proxy-ticket
Children:
7cfc02b
Parents:
c3aebe5
git-author:
Fiona Klute <fiona.klute@…> (07/15/19 15:21:17)
git-committer:
Fiona Klute <fiona.klute@…> (07/15/19 15:26:28)
Message:

Test suite: Build & use certificate chain for the authority/subca/server ID

Location:
test
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • test/Makefile.am

    rc3aebe5 rf828974  
    171171        echo "unique_subject = no" > $@
    172172
    173 # build certificate chain file for server
    174 check_DATA += authority/server/x509-chain.pem
    175 MOSTLYCLEANFILES += authority/server/x509-chain.pem
    176 %/x509-chain.pem: %/x509.pem authority/x509.pem
    177         cat $< authority/x509.pem > $@
     173# Build certificate chain files. Note that intermediate tokens must be
     174# listed explicitly, or the dependency chain will be broken because
     175# the higher level pattern matches, too.
     176chain_tokens = authority/server/x509-chain.pem \
     177        authority/subca/x509-chain.pem \
     178        authority/subca/server/x509-chain.pem
     179check_DATA += $(chain_tokens)
     180MOSTLYCLEANFILES += $(chain_tokens)
    178181endif
    179182

  • test/test_ca.mk

    rc3aebe5 rf828974  
    5858# special rule for root CAs
    5959root_cert_rule = certtool --outfile $@ --generate-self-signed --load-privkey $(dir $@)secret.key --template $<
     60root_chain_rule = cp $< $@
    6061authority/x509.pem rogueca/x509.pem: %/x509.pem: %/template %/secret.key
    6162        $(root_cert_rule)
     63authority/x509-chain.pem rogueca/x509-chain.pem: %/x509-chain.pem: %/x509.pem
     64        $(root_chain_rule)
    6265
    6366# generic rule for building non-root certificates, with the CA in the
    6467# parent directory
    6568cert_rule = certtool --outfile $@ --generate-certificate --load-ca-certificate $(dir $@)../x509.pem --load-ca-privkey $(dir $@)../secret.key --load-privkey $(dir $@)secret.key --template $<
     69chain_rule = cat $< $(dir $@)../x509-chain.pem > $@
    6670
    6771# certificates signed by the test root CA
    6872%/x509.pem: %/template %/secret.key authority/secret.key authority/x509.pem
    6973        $(cert_rule)
     74%/x509-chain.pem: %/x509.pem authority/x509-chain.pem
     75        $(chain_rule)
    7076
    7177# certificates signed by the test sub CA
    7278authority/subca/%/x509.pem: authority/subca/%/template authority/subca/%/secret.key authority/subca/x509.pem
    7379        $(cert_rule)
     80authority/subca/%/x509-chain.pem: authority/subca/%/x509.pem authority/subca/x509-chain.pem
     81        $(chain_rule)
    7482
    7583# certificates signed by rogue CA (for error cases)

  • test/tests/00_basic/apache.conf

    rc3aebe5 rf828974  
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
    8  GnuTLSCertificateFile  authority/server/x509.pem
    9  GnuTLSKeyFile          authority/server/secret.key
     8 GnuTLSCertificateFile  authority/subca/server/x509-chain.pem
     9 GnuTLSKeyFile          authority/subca/server/secret.key
    1010</VirtualHost>
Note: See TracChangeset for help on using the changeset viewer.