mirror of https://github.com/omar-polo/gmid.git
regress: change naming scheme for certs, add GENCERT_FLAGS knob
Call the certificates .pem and the keys .key; use contrib/gencert to generate the certificates and provide a GENCERT_FLAGS knob so that regress can be run with EC keys (GENCERT_FLAGS=-e). Still no automatic way of testing with both RSA and EC keys.
parent
eaca1ed4db
commit
80745f0411
|
@ -2,6 +2,8 @@
|
||||||
# all.
|
# all.
|
||||||
TESTS=
|
TESTS=
|
||||||
|
|
||||||
|
GENCERT_FLAGS=
|
||||||
|
|
||||||
# host to bind to during regress
|
# host to bind to during regress
|
||||||
REGRESS_HOST = localhost
|
REGRESS_HOST = localhost
|
||||||
|
|
||||||
|
@ -39,7 +41,7 @@ IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS}
|
||||||
all: data puny-test iri_test fcgi-test
|
all: data puny-test iri_test fcgi-test
|
||||||
env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
|
env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
|
||||||
|
|
||||||
data: testdata cert.pem testca.pem valid.crt invalid.cert.pem
|
data: testdata localhost.pem testca.pem valid.crt invalid.pem
|
||||||
|
|
||||||
puny-test: ${PUNY_OBJS}
|
puny-test: ${PUNY_OBJS}
|
||||||
${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS}
|
${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS}
|
||||||
|
@ -53,19 +55,10 @@ fill-file: fill-file.o
|
||||||
fcgi-test: fcgi-test.o
|
fcgi-test: fcgi-test.o
|
||||||
${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS}
|
${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS}
|
||||||
|
|
||||||
key.pem: cert.pem
|
localhost.key: localhost.pem
|
||||||
|
|
||||||
# XXX: key size is NOT GOOD. This is only for testing. Smaller keys
|
localhost.pem:
|
||||||
# are quicker to generate. DON'T DO THIS AT HOME.
|
./../contrib/gencert ${GENCERT_FLAGS} localhost >/dev/null
|
||||||
cert.pem:
|
|
||||||
openssl req -x509 -newkey rsa:2048 \
|
|
||||||
-keyout key.pem \
|
|
||||||
-out cert.pem \
|
|
||||||
-days 365 -nodes \
|
|
||||||
-subj "/CN=localhost"
|
|
||||||
ln -s cert.pem localhost.cert.pem
|
|
||||||
ln -s key.pem localhost.key.pem
|
|
||||||
@echo
|
|
||||||
|
|
||||||
testca.pem:
|
testca.pem:
|
||||||
openssl genrsa -out testca.key 2048
|
openssl genrsa -out testca.key 2048
|
||||||
|
@ -90,14 +83,14 @@ valid.crt: testca.pem
|
||||||
-days 365 \
|
-days 365 \
|
||||||
-sha256 -extfile valid.ext
|
-sha256 -extfile valid.ext
|
||||||
|
|
||||||
invalid.cert.pem: cert.pem
|
invalid.pem: localhost.pem
|
||||||
cp cert.pem invalid.cert.pem
|
cp localhost.pem invalid.pem
|
||||||
cp key.pem invalid.key.pem
|
cp localhost.key invalid.key
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -f *.o iri_test cert.pem key.pem
|
rm -f *.o iri_test localhost.pem localhost.key
|
||||||
rm -f localhost.cert.pem localhost.key.pem
|
rm -f localhost.pem localhost.key
|
||||||
rm -f testca.* valid.csr valid.key valid.crt invalid.*pem
|
rm -f testca.* valid.csr valid.key valid.crt invalid.pem invalid.key
|
||||||
rm -rf testdata fill-file puny-test fcgi-test
|
rm -rf testdata fill-file puny-test fcgi-test
|
||||||
rm -f gmid.pid fcgi.sock
|
rm -f gmid.pid fcgi.sock
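Review bot: The new `localhost.pem:` rule drops the old warning that this key material is for testing only and has no comment of its own, so nothing in the Makefile marks the files written by `contrib/gencert` as throwaway regress credentials. A short comment above the rule would restore that, for example `# test-only certificate and key for localhost, not for deployment; GENCERT_FLAGS=-e switches to EC keys`. The recipe presumably also writes `localhost.key` (the script is not shown on this page), which the recipe-less `localhost.key: localhost.pem` rule and the `cp localhost.key invalid.key` line both rely on, so the same comment should say so. Separately, in `clean` the second line `rm -f localhost.pem localhost.key` now repeats names already removed by the line above it and can be deleted.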
|
||||||
|
|
||||||
|
|
|
@ -59,8 +59,8 @@ gen_config() {
|
||||||
$config_common
|
$config_common
|
||||||
$1
|
$1
|
||||||
server "localhost" {
|
server "localhost" {
|
||||||
cert "$PWD/cert.pem"
|
cert "$PWD/localhost.pem"
|
||||||
key "$PWD/key.pem"
|
key "$PWD/localhost.key"
|
||||||
root "$PWD/testdata"
|
root "$PWD/testdata"
|
||||||
listen on $REGRESS_HOST port $port
|
listen on $REGRESS_HOST port $port
|
||||||
$2
|
$2
|
||||||
|
@ -75,8 +75,8 @@ EOF
|
||||||
set_proxy() {
|
set_proxy() {
|
||||||
cat <<EOF >>reg.conf
|
cat <<EOF >>reg.conf
|
||||||
server "localhost.local" {
|
server "localhost.local" {
|
||||||
cert "$PWD/cert.pem"
|
cert "$PWD/localhost.pem"
|
||||||
key "$PWD/key.pem"
|
key "$PWD/localhost.key"
|
||||||
listen on $REGRESS_HOST port $port
|
listen on $REGRESS_HOST port $port
|
||||||
proxy {
|
proxy {
|
||||||
relay-to localhost port $port
|
relay-to localhost port $port
|
||||||
|
|
|
@ -187,7 +187,7 @@ test_require_client_ca() {
|
||||||
fetch_hdr /
|
fetch_hdr /
|
||||||
check_reply "20 text/gemini" || return 1
|
check_reply "20 text/gemini" || return 1
|
||||||
|
|
||||||
ggflags="-C invalid.cert.pem -K invalid.key.pem"
|
ggflags="-C invalid.pem -K invalid.key"
|
||||||
fetch_hdr /
|
fetch_hdr /
|
||||||
check_reply "61 certificate not authorised" || return 1
|
check_reply "61 certificate not authorised" || return 1
|
||||||
}
|
}
|
||||||
|
@ -290,8 +290,8 @@ pwd = "$PWD"
|
||||||
|
|
||||||
server "localhost" {
|
server "localhost" {
|
||||||
# the quoting of \$ is for sh
|
# the quoting of \$ is for sh
|
||||||
cert \$pwd "/cert.pem"
|
cert \$pwd "/localhost.pem"
|
||||||
key \$pwd "/key.pem"
|
key \$pwd "/localhost.key"
|
||||||
root \$pwd "/testdata"
|
root \$pwd "/testdata"
|
||||||
listen on $REGRESS_HOST port $port
|
listen on $REGRESS_HOST port $port
|
||||||
}
|
}
|
||||||
|
@ -339,8 +339,8 @@ test_proxy_with_certs() {
|
||||||
|
|
||||||
gen_config '' 'require client ca "'$PWD'/testca.pem"'
|
gen_config '' 'require client ca "'$PWD'/testca.pem"'
|
||||||
set_proxy "
|
set_proxy "
|
||||||
cert \"$PWD/invalid.cert.pem\"
|
cert \"$PWD/invalid.pem\"
|
||||||
key \"$PWD/invalid.key.pem\"
|
key \"$PWD/invalid.key\"
|
||||||
"
|
"
|
||||||
run
|
run
|
||||||
|
|
||||||
|
|