diff --git a/tests/Makefile.am b/tests/Makefile.am index b89c70ca..9159be91 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -14,7 +14,7 @@ EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.co server-key-ossl.pem server-key-p8.pem proxyproto-unix-test user-cn.pem \ user-cert-testuser.pem test-stress test-user-config.config user-config/testuser \ test-sighup-key-change.config test-sighup-key-change.config user-config/testipnet \ - user-cert-testipnet.pem user-cert-invalid.pem + user-cert-testipnet.pem user-cert-invalid.pem server-cert-ca.pem SUBDIRS = docker-ocserv docker-kerberos diff --git a/tests/server-cert-ca.pem b/tests/server-cert-ca.pem new file mode 100644 index 00000000..818101a4 --- /dev/null +++ b/tests/server-cert-ca.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD +QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD +Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs +PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8 +u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd +YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ +IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759 +KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5 +7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU +yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL +gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg +ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0 +UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s +9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9 +GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C +zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/ +eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF +FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j +LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM +zzJKdNg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD +QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD +EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw +fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ +l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW +DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh +zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt +c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b +7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep +n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA +MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC +ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT +z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP +g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX +ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk +x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH +yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg +fJbi9Ui2FmXEeKkX34f1ONNj9Q== +-----END CERTIFICATE----- diff --git a/tests/test-get-cert b/tests/test-get-cert index e6e5a8f0..ee669d3a 100755 --- a/tests/test-get-cert +++ b/tests/test-get-cert @@ -60,6 +60,29 @@ fi echo "ok" +echo -n "Connecting to GET CA PEM certificate... " +( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/ca.pem --insecure > $TMPFILE 2>/dev/null ) || + fail $PID "Could not get certificate!" + +cmp $TMPFILE "${srcdir}/ca.pem" +if test $? != 0;then + fail $PID "failed, certs not match" +fi + +echo "ok" + +echo -n "Connecting to GET CA DER certificate... " +( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/ca.cer --insecure > $TMPFILE 2>/dev/null ) || + fail $PID "Could not get DER certificate!" + +certtool --inder -i <"$TMPFILE" >$TMPFILE2 +certtool -i <"${srcdir}/ca.pem" >$TMPFILE +cmp "$TMPFILE" "$TMPFILE2" +if test $? != 0;then + fail $PID "failed, certs not match" +fi + +echo "ok" cleanup diff --git a/tests/test-user-cert.config b/tests/test-user-cert.config index 35758e40..16ede267 100644 --- a/tests/test-user-cert.config +++ b/tests/test-user-cert.config @@ -45,7 +45,7 @@ try-mtu-discovery = false # # There may be multiple certificate and key pairs and each key # should correspond to the preceding certificate. -server-cert = @SRCDIR@/server-cert.pem +server-cert = @SRCDIR@/server-cert-ca.pem server-key = @SRCDIR@/server-key.pem # Diffie-Hellman parameters. Only needed if you require support