regress: change naming scheme for certs, add GENCERT_FLAGS knob

Call the certificates .pem and the keys .key; use contrib/gencert to generate the certificates and provide a GENCERT_FLAGS knob so that regress can be run with EC keys (GENCERT_FLAGS=-e). Still no automatic way of testing with both RSA and EC keys.
2023-08-29 09:30:28 +00:00 · 2023-08-29 09:30:28 +00:00 · 80745f0411
parent eaca1ed4db
commit 80745f0411
3 changed files with 21 additions and 28 deletions
--- a/regress/Makefile
+++ b/regress/Makefile
@ -2,6 +2,8 @@
 # all.
 TESTS=

+GENCERT_FLAGS=
+
 # host to bind to during regress
 REGRESS_HOST =	localhost

@ -39,7 +41,7 @@ IRI_OBJS =	${IRI_SRCS:.c=.o} ${REG_COMPATS}
 all: data puny-test iri_test fcgi-test
 	env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}

-data: testdata cert.pem testca.pem valid.crt invalid.cert.pem
+data: testdata localhost.pem testca.pem valid.crt invalid.pem

 puny-test: ${PUNY_OBJS}
 	${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS}
@ -53,19 +55,10 @@ fill-file: fill-file.o
 fcgi-test: fcgi-test.o
 	${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS}

-key.pem: cert.pem
+localhost.key: localhost.pem

-# XXX: key size is NOT GOOD.  This is only for testing.  Smaller keys
-# are quicker to generate.  DON'T DO THIS AT HOME.
-cert.pem:
-	openssl req -x509 -newkey rsa:2048	\
-		-keyout key.pem			\
-		-out cert.pem			\
-		-days 365 -nodes		\
-		-subj "/CN=localhost"
-	ln -s cert.pem localhost.cert.pem
-	ln -s key.pem localhost.key.pem
-	@echo
+localhost.pem:
+	./../contrib/gencert ${GENCERT_FLAGS} localhost >/dev/null

 testca.pem:
 	openssl genrsa -out testca.key 2048
@ -90,14 +83,14 @@ valid.crt: testca.pem
 		-days 365			\
 		-sha256 -extfile valid.ext

-invalid.cert.pem: cert.pem
-	cp cert.pem invalid.cert.pem
-	cp key.pem invalid.key.pem
+invalid.pem: localhost.pem
+	cp localhost.pem invalid.pem
+	cp localhost.key invalid.key

 clean:
-	rm -f *.o iri_test cert.pem key.pem
-	rm -f localhost.cert.pem localhost.key.pem
-	rm -f testca.* valid.csr valid.key valid.crt invalid.*pem
+	rm -f *.o iri_test localhost.pem localhost.key
+	rm -f localhost.pem localhost.key
+	rm -f testca.* valid.csr valid.key valid.crt invalid.pem invalid.key
 	rm -rf testdata fill-file puny-test fcgi-test
 	rm -f gmid.pid fcgi.sock

--- a/regress/lib.sh
+++ b/regress/lib.sh
@ -59,8 +59,8 @@ gen_config() {
 $config_common
 $1
 server "localhost" {
-	cert "$PWD/cert.pem"
-	key  "$PWD/key.pem"
+	cert "$PWD/localhost.pem"
+	key  "$PWD/localhost.key"
 	root "$PWD/testdata"
 	listen on $REGRESS_HOST port $port
 	$2
@ -75,8 +75,8 @@ EOF
 set_proxy() {
 	cat <<EOF >>reg.conf
 server "localhost.local" {
-	cert "$PWD/cert.pem"
-	key "$PWD/key.pem"
+	cert "$PWD/localhost.pem"
+	key "$PWD/localhost.key"
 	listen on $REGRESS_HOST port $port
 	proxy {
 		relay-to localhost port $port
--- a/regress/tests.sh
+++ b/regress/tests.sh
@ -187,7 +187,7 @@ test_require_client_ca() {
 	fetch_hdr /
 	check_reply "20 text/gemini" || return 1

-	ggflags="-C invalid.cert.pem -K invalid.key.pem"
+	ggflags="-C invalid.pem -K invalid.key"
 	fetch_hdr /
 	check_reply "61 certificate not authorised" || return 1
 }
@ -290,8 +290,8 @@ pwd = "$PWD"

 server "localhost" {
 	# the quoting of \$ is for sh
-	cert \$pwd "/cert.pem"
-	key  \$pwd "/key.pem"
+	cert \$pwd "/localhost.pem"
+	key  \$pwd "/localhost.key"
 	root \$pwd "/testdata"
 	listen on $REGRESS_HOST port $port
 }
@ -339,8 +339,8 @@ test_proxy_with_certs() {

 	gen_config '' 'require client ca "'$PWD'/testca.pem"'
 	set_proxy "
-		cert \"$PWD/invalid.cert.pem\"
-		key \"$PWD/invalid.key.pem\"
+		cert \"$PWD/invalid.pem\"
+		key \"$PWD/invalid.key\"
 	"
 	run