Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate more certs/identities, and use them for better multi-cert test coverage #10747

Closed
wants to merge 4 commits into from
Closed

Generate more certs/identities, and use them for better multi-cert test coverage #10747

wants to merge 4 commits into from

Commits on Sep 11, 2017

  1. test: rename agent1-pfx.pem to agent1.pfx 

    PFX is not PEM, its binary DER. Use the same .pfx extension as
test/fixtures/test_cert.pfx does.
    @sam-github
    sam-github committed Sep 11, 2017
    Configuration menu
    Copy the full SHA
    89d57b4 View commit details
    Browse the repository at this point in the history

  2. test: add independent multi-alg crypto identities 

    agent6 was the only cert that had a chain (an intermediate certificate),
and there were no non-RSA certs other than a single self-signed one.
This makes it impossible to test cert-chain scenarios with multiple
identities which require chains to prove chain completion, and
multi-algorithm because OpenSSL doesn't support multiple identities
unless they are multi-algorithm.

PFX files were also missing for most identities, making it difficult to
test multi-PFX and PFX interactions with cert-chain+key and CA options.

New server cert chains:

- ECC: ca5 signs ca6 signs ec10, CN=agent10.example.com
- RSA: ca2 signs ca4 signs agent10, CN=agent10.example.com

PFX added for:

- agent6
- agent10
- ec10
    @sam-github
    sam-github committed Sep 11, 2017
    Configuration menu
    Copy the full SHA
    0bc3166 View commit details
    Browse the repository at this point in the history

  3. test: cover tls multi-identity option mixtures 

    Prove that cert and key options do not have to be ordered, and that the
pfx option can be used at the same time as the cert/key option
(which was claimed to be impossible by some pre-existing documentation).
    @sam-github
    sam-github committed Sep 11, 2017
    Configuration menu
    Copy the full SHA
    c4d269f View commit details
    Browse the repository at this point in the history

  4. test: confirm tls server suite default is its own 

    When honorCipherOrder is not explicitly set, it defaults to true, cover
this condition in the test. Also, run all tests in parallel, instead of
sequentially.
    @sam-github
    sam-github committed Sep 11, 2017
    Configuration menu
    Copy the full SHA
    64d61e9 View commit details
    Browse the repository at this point in the history