authorOmar Polo <op@omarpolo.com>2023-08-29 09:30:28 +0000
committerOmar Polo <op@omarpolo.com>2023-08-29 09:30:28 +0000
commit80745f04113ce73ae4f5aaba5c6a458af92590d0 (patch)
tree99a84cc31b3652e890a082751eb33ed55b700fba /regress
parenteaca1ed4dbf841dfe709ae0d5050b0b64dc42a1f (diff)
regress: change naming scheme for certs, add GENCERT_FLAGS knob
Call the certificates .pem and the keys .key; use contrib/gencert to generate the certificates and provide a GENCERT_FLAGS knob so that regress can be run with EC keys (GENCERT_FLAGS=-e). Still no automatic way of testing with both RSA and EC keys.
Diffstat (limited to 'regress')
-rw-r--r--regress/Makefile31
-rw-r--r--regress/lib.sh8
-rw-r--r--regress/tests.sh10
3 files changed, 21 insertions, 28 deletions
diff --git a/regress/Makefile b/regress/Makefile
index 89b87ef..1aa4741 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -2,6 +2,8 @@
# all.
TESTS=
+GENCERT_FLAGS=
+
# host to bind to during regress
REGRESS_HOST = localhost
@@ -39,7 +41,7 @@ IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS}
all: data puny-test iri_test fcgi-test
env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
-data: testdata cert.pem testca.pem valid.crt invalid.cert.pem
+data: testdata localhost.pem testca.pem valid.crt invalid.pem
puny-test: ${PUNY_OBJS}
${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS}
@@ -53,19 +55,10 @@ fill-file: fill-file.o
fcgi-test: fcgi-test.o
${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS}
-key.pem: cert.pem
+localhost.key: localhost.pem
-# XXX: key size is NOT GOOD. This is only for testing. Smaller keys
-# are quicker to generate. DON'T DO THIS AT HOME.
-cert.pem:
- openssl req -x509 -newkey rsa:2048 \
- -keyout key.pem \
- -out cert.pem \
- -days 365 -nodes \
- -subj "/CN=localhost"
- ln -s cert.pem localhost.cert.pem
- ln -s key.pem localhost.key.pem
- @echo
+localhost.pem:
+ ./../contrib/gencert ${GENCERT_FLAGS} localhost >/dev/null
testca.pem:
openssl genrsa -out testca.key 2048
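Review bot: The new `localhost.pem` rule drops the old warning that this key material is for testing only and puts nothing in its place, so the Makefile no longer says where the key parameters come from or that these files must not be reused outside regress. I would add a comment above the rule such as `# test-only cert/key from contrib/gencert; GENCERT_FLAGS=-e switches to EC keys`, and give the `GENCERT_FLAGS=` definition in the first hunk a one-line comment like its neighbours have. Key type and size are now decided inside contrib/gencert, which is not visible here, so whether the old size caveat still applies should be checked there. The recipe also appears to write `localhost.key` as a side effect, and the recipe-less `localhost.key: localhost.pem` rule will not regenerate a key that was deleted while the certificate remains.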
@@ -90,14 +83,14 @@ valid.crt: testca.pem
-days 365 \
-sha256 -extfile valid.ext
-invalid.cert.pem: cert.pem
- cp cert.pem invalid.cert.pem
- cp key.pem invalid.key.pem
+invalid.pem: localhost.pem
+ cp localhost.pem invalid.pem
+ cp localhost.key invalid.key
clean:
- rm -f *.o iri_test cert.pem key.pem
- rm -f localhost.cert.pem localhost.key.pem
- rm -f testca.* valid.csr valid.key valid.crt invalid.*pem
+ rm -f *.o iri_test localhost.pem localhost.key
+ rm -f localhost.pem localhost.key
+ rm -f testca.* valid.csr valid.key valid.crt invalid.pem invalid.key
rm -rf testdata fill-file puny-test fcgi-test
rm -f gmid.pid fcgi.sock
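Review bot: In `clean`, the added line `rm -f localhost.pem localhost.key` repeats what the line before it already removes (`rm -f *.o iri_test localhost.pem localhost.key`); one of the two can go, for example by leaving the first as `rm -f *.o iri_test` to match the old layout. Separately, the `invalid.pem` recipe copies `localhost.key`, which is not a listed prerequisite, so it relies on the `localhost.pem` recipe having written the key; `invalid.pem: localhost.pem localhost.key` would state that dependency. The `valid.crt` recipe at the top of this hunk starts outside it.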
diff --git a/regress/lib.sh b/regress/lib.sh
index c5f662a..47e0451 100644
--- a/regress/lib.sh
+++ b/regress/lib.sh
@@ -59,8 +59,8 @@ gen_config() {
$config_common
$1
server "localhost" {
- cert "$PWD/cert.pem"
- key "$PWD/key.pem"
+ cert "$PWD/localhost.pem"
+ key "$PWD/localhost.key"
root "$PWD/testdata"
listen on $REGRESS_HOST port $port
$2
@@ -75,8 +75,8 @@ EOF
set_proxy() {
cat <<EOF >>reg.conf
server "localhost.local" {
- cert "$PWD/cert.pem"
- key "$PWD/key.pem"
+ cert "$PWD/localhost.pem"
+ key "$PWD/localhost.key"
listen on $REGRESS_HOST port $port
proxy {
relay-to localhost port $port
diff --git a/regress/tests.sh b/regress/tests.sh
index 640a814..4614f0b 100644
--- a/regress/tests.sh
+++ b/regress/tests.sh
@@ -187,7 +187,7 @@ test_require_client_ca() {
fetch_hdr /
check_reply "20 text/gemini" || return 1
- ggflags="-C invalid.cert.pem -K invalid.key.pem"
+ ggflags="-C invalid.pem -K invalid.key"
fetch_hdr /
check_reply "61 certificate not authorised" || return 1
}
@@ -290,8 +290,8 @@ pwd = "$PWD"
server "localhost" {
# the quoting of \$ is for sh
- cert \$pwd "/cert.pem"
- key \$pwd "/key.pem"
+ cert \$pwd "/localhost.pem"
+ key \$pwd "/localhost.key"
root \$pwd "/testdata"
listen on $REGRESS_HOST port $port
}
@@ -339,8 +339,8 @@ test_proxy_with_certs() {
gen_config '' 'require client ca "'$PWD'/testca.pem"'
set_proxy "
- cert \"$PWD/invalid.cert.pem\"
- key \"$PWD/invalid.key.pem\"
+ cert \"$PWD/invalid.pem\"
+ key \"$PWD/invalid.key\"
"
run