commit 80745f04113ce73ae4f5aaba5c6a458af92590d0 from: Omar Polo date: Tue Aug 29 09:30:28 2023 UTC regress: change naming scheme for certs, add GENCERT_FLAGS knob Call the certificates .pem and the keys .key; use contrib/gencert to generate the certificates and provide a GENCERT_FLAGS knob so that regress can be run with EC keys (GENCERT_FLAGS=-e). Still no automatic way of testing with both RSA and EC keys. commit - eaca1ed4dbf841dfe709ae0d5050b0b64dc42a1f commit + 80745f04113ce73ae4f5aaba5c6a458af92590d0 blob - 89b87ef4c5fcc8ff545d5bad9c9efae7230a08e0 blob + 1aa47410a14e2163f48bb0baf90dac6cf9535408 --- regress/Makefile +++ regress/Makefile @@ -2,6 +2,8 @@ # all. TESTS= +GENCERT_FLAGS= + # host to bind to during regress REGRESS_HOST = localhost @@ -39,7 +41,7 @@ IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS} all: data puny-test iri_test fcgi-test env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS} -data: testdata cert.pem testca.pem valid.crt invalid.cert.pem +data: testdata localhost.pem testca.pem valid.crt invalid.pem puny-test: ${PUNY_OBJS} ${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS} @@ -53,19 +55,10 @@ fill-file: fill-file.o fcgi-test: fcgi-test.o ${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS} -key.pem: cert.pem +localhost.key: localhost.pem -# XXX: key size is NOT GOOD. This is only for testing. Smaller keys -# are quicker to generate. DON'T DO THIS AT HOME. -cert.pem: - openssl req -x509 -newkey rsa:2048 \ - -keyout key.pem \ - -out cert.pem \ - -days 365 -nodes \ - -subj "/CN=localhost" - ln -s cert.pem localhost.cert.pem - ln -s key.pem localhost.key.pem - @echo +localhost.pem: + ./../contrib/gencert ${GENCERT_FLAGS} localhost >/dev/null testca.pem: openssl genrsa -out testca.key 2048 
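Review bot: The new `GENCERT_FLAGS=` assignment at the top of regress/Makefile has no comment, while `REGRESS_HOST` just below it does. A line above it such as `# extra flags passed to contrib/gencert, e.g. -e for EC keys` would tell people running the suite what the knob is for. The `-e` example is taken from the commit message.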
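Review bot: The `localhost.pem:` rule has no prerequisites, so an existing certificate is not regenerated when `GENCERT_FLAGS` changes. A run with `GENCERT_FLAGS=-e` after an earlier RSA run would presumably reuse the old RSA pair and exercise the wrong key type unless `make clean` is run first. Either note that requirement next to the rule or make the rule depend on a stamp file that records the flags. The removed `XXX` comment was also the only marker that these keys are throwaway test material; a short replacement such as `# test-only key pair, never use outside regress` would keep that warning. The unchanged `testca.pem` rule at the end of the hunk still calls `openssl genrsa`, so the client-CA files stay RSA whatever the knob says.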
@@ -90,14 +83,14 @@ valid.crt: testca.pem -days 365 \ -sha256 -extfile valid.ext -invalid.cert.pem: cert.pem - cp cert.pem invalid.cert.pem - cp key.pem invalid.key.pem +invalid.pem: localhost.pem + cp localhost.pem invalid.pem + cp localhost.key invalid.key clean: - rm -f *.o iri_test cert.pem key.pem - rm -f localhost.cert.pem localhost.key.pem - rm -f testca.* valid.csr valid.key valid.crt invalid.*pem + rm -f *.o iri_test localhost.pem localhost.key + rm -f localhost.pem localhost.key + rm -f testca.* valid.csr valid.key valid.crt invalid.pem invalid.key rm -rf testdata fill-file puny-test fcgi-test rm -f gmid.pid fcgi.sock blob - c5f662af085353a3b31c406aa5609b7289c0d321 blob + 47e045165b5668c43e5d86f2b8ddcd35b5360931 --- regress/lib.sh +++ regress/lib.sh @@ -59,8 +59,8 @@ gen_config() { $config_common $1 server "localhost" { - cert "$PWD/cert.pem" - key "$PWD/key.pem" + cert "$PWD/localhost.pem" + key "$PWD/localhost.key" root "$PWD/testdata" listen on $REGRESS_HOST port $port $2 @@ -75,8 +75,8 @@ EOF set_proxy() { cat <>reg.conf server "localhost.local" { - cert "$PWD/cert.pem" - key "$PWD/key.pem" + cert "$PWD/localhost.pem" + key "$PWD/localhost.key" listen on $REGRESS_HOST port $port proxy { relay-to localhost port $port blob - 640a81422e85f43730f795f17b251489fbe46839 blob + 4614f0ba488f7120e63fb3cfc2191e3c645e3bca --- regress/tests.sh +++ regress/tests.sh @@ -187,7 +187,7 @@ test_require_client_ca() { fetch_hdr / check_reply "20 text/gemini" || return 1 - ggflags="-C invalid.cert.pem -K invalid.key.pem" + ggflags="-C invalid.pem -K invalid.key" fetch_hdr / check_reply "61 certificate not authorised" || return 1 } @@ -290,8 +290,8 @@ pwd = "$PWD" server "localhost" { # the quoting of \$ is for sh - cert \$pwd "/cert.pem" - key \$pwd "/key.pem" + cert \$pwd "/localhost.pem" + key \$pwd "/localhost.key" root \$pwd "/testdata" listen on $REGRESS_HOST port $port } 
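Review bot: In `clean`, the second recipe line `rm -f localhost.pem localhost.key` now repeats files already removed by the line above it. It is a leftover from renaming the old symlink cleanup and can be dropped. The `invalid.pem` recipe also writes `invalid.key`, which is not the target of any rule, so deleting `invalid.key` alone will not trigger a rebuild. An empty rule `invalid.key: invalid.pem`, mirroring `localhost.key: localhost.pem`, would at least declare the relationship.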
@@ -339,8 +339,8 @@ test_proxy_with_certs() { gen_config '' 'require client ca "'$PWD'/testca.pem"' set_proxy " - cert \"$PWD/invalid.cert.pem\" - key \"$PWD/invalid.key.pem\" + cert \"$PWD/invalid.pem\" + key \"$PWD/invalid.key\" " run