From 80745f04113ce73ae4f5aaba5c6a458af92590d0 Mon Sep 17 00:00:00 2001
From: Omar Polo
Date: Tue, 29 Aug 2023 09:30:28 +0000
Subject: [PATCH] regress: change naming scheme for certs, add GENCERT_FLAGS knob

Call the certificates .pem and the keys .key; use contrib/gencert to generate the certificates and provide a GENCERT_FLAGS knob so that regress can be run with EC keys (GENCERT_FLAGS=-e). Still no automatic way of testing with both RSA and EC keys.
---
 regress/Makefile | 31 ++++++++++++-------------------
 regress/lib.sh | 8 ++++----
 regress/tests.sh | 10 +++++-----
 3 files changed, 21 insertions(+), 28 deletions(-)

diff --git a/regress/Makefile b/regress/Makefile
index 89b87ef..1aa4741 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -2,6 +2,8 @@
 # all.
 TESTS=
+GENCERT_FLAGS=
+
 # host to bind to during regress
 REGRESS_HOST = localhost
@@ -39,7 +41,7 @@ IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS}
 all: data puny-test iri_test fcgi-test
 env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
-data: testdata cert.pem testca.pem valid.crt invalid.cert.pem
+data: testdata localhost.pem testca.pem valid.crt invalid.pem
 puny-test: ${PUNY_OBJS}
 ${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS}
@@ -53,19 +55,10 @@ fill-file: fill-file.o
 fcgi-test: fcgi-test.o
 ${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS}
-key.pem: cert.pem
+localhost.key: localhost.pem
-# XXX: key size is NOT GOOD. This is only for testing. Smaller keys
-# are quicker to generate. DON'T DO THIS AT HOME.
-cert.pem:
- openssl req -x509 -newkey rsa:2048 \
- -keyout key.pem \
- -out cert.pem \
- -days 365 -nodes \
- -subj "/CN=localhost"
- ln -s cert.pem localhost.cert.pem
- ln -s key.pem localhost.key.pem
- @echo
+localhost.pem:
+ ./../contrib/gencert ${GENCERT_FLAGS} localhost >/dev/null
 testca.pem:
 openssl genrsa -out testca.key 2048
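Review bot: The new `localhost.pem:` rule in the `@@ -53,19 +55,10 @@` hunk has no prerequisites, so a tree that already holds certificates from an earlier run keeps them, and `make GENCERT_FLAGS=-e` then exercises the old RSA pair while appearing to test EC keys. A comment next to the knob would make this explicit, for example `# changing GENCERT_FLAGS does not regenerate existing certs; run "make clean" first`. The hunk also drops the old warning that this key material is test-only; a one-line `# throwaway test certificate, never use localhost.key outside regress` above the rule keeps that caveat now that key generation is delegated to contrib/gencert, whose defaults are not visible in this patch.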
@@ -90,14 +83,14 @@ valid.crt: testca.pem
 -days 365 \
 -sha256 -extfile valid.ext
-invalid.cert.pem: cert.pem
- cp cert.pem invalid.cert.pem
- cp key.pem invalid.key.pem
+invalid.pem: localhost.pem
+ cp localhost.pem invalid.pem
+ cp localhost.key invalid.key
 clean:
- rm -f *.o iri_test cert.pem key.pem
- rm -f localhost.cert.pem localhost.key.pem
- rm -f testca.* valid.csr valid.key valid.crt invalid.*pem
+ rm -f *.o iri_test localhost.pem localhost.key
+ rm -f localhost.pem localhost.key
+ rm -f testca.* valid.csr valid.key valid.crt invalid.pem invalid.key
 rm -rf testdata fill-file puny-test fcgi-test
 rm -f gmid.pid fcgi.sock
diff --git a/regress/lib.sh b/regress/lib.sh
index c5f662a..47e0451 100644
--- a/regress/lib.sh
+++ b/regress/lib.sh
@@ -59,8 +59,8 @@ gen_config() {
 $config_common
 $1
 server "localhost" {
- cert "$PWD/cert.pem"
- key "$PWD/key.pem"
+ cert "$PWD/localhost.pem"
+ key "$PWD/localhost.key"
 root "$PWD/testdata"
 listen on $REGRESS_HOST port $port
 $2
@@ -75,8 +75,8 @@ EOF
 set_proxy() {
 cat <>reg.conf
 server "localhost.local" {
- cert "$PWD/cert.pem"
- key "$PWD/key.pem"
+ cert "$PWD/localhost.pem"
+ key "$PWD/localhost.key"
 listen on $REGRESS_HOST port $port
 proxy {
 relay-to localhost port $port
diff --git a/regress/tests.sh b/regress/tests.sh
index 640a814..4614f0b 100644
--- a/regress/tests.sh
+++ b/regress/tests.sh
@@ -187,7 +187,7 @@ test_require_client_ca() {
 fetch_hdr /
 check_reply "20 text/gemini" || return 1
- ggflags="-C invalid.cert.pem -K invalid.key.pem"
+ ggflags="-C invalid.pem -K invalid.key"
 fetch_hdr /
 check_reply "61 certificate not authorised" || return 1
 }
@@ -290,8 +290,8 @@ pwd = "$PWD"
 server "localhost" {
 # the quoting of \$ is for sh
- cert \$pwd "/cert.pem"
- key \$pwd "/key.pem"
+ cert \$pwd "/localhost.pem"
+ key \$pwd "/localhost.key"
 root \$pwd "/testdata"
 listen on $REGRESS_HOST port $port
 }
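Review bot: In the `clean` recipe of the `@@ -90,14 +83,14 @@` Makefile hunk, the second line `rm -f localhost.pem localhost.key` repeats the two names the first `rm -f` already removes; it is a leftover of renaming the old symlink names and can be dropped. In the same hunk the `invalid.pem` recipe copies `localhost.key` while only `localhost.pem` is listed as a prerequisite, which holds only as long as gencert writes both files in one run (presumably it does, but that script is outside this patch). Writing the rule as `invalid.pem: localhost.pem localhost.key` states the dependency directly.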
@@ -339,8 +339,8 @@ test_proxy_with_certs() {
 gen_config '' 'require client ca "'$PWD'/testca.pem"'
 set_proxy "
- cert \"$PWD/invalid.cert.pem\"
- key \"$PWD/invalid.key.pem\"
+ cert \"$PWD/invalid.pem\"
+ key \"$PWD/invalid.key\"
 "
 run