Commit c720c623 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Fix test and change assertion

Since caddy 1.0.0 it is less fragile for PEMs with some garbage, and can
serve sites in such cases.

It revealed, that test was wrongly written, as now the certificate can be a
bit messy, and will be lodaded, but then won't be used, as it does not
match the site.
parent 36670298
...@@ -1708,8 +1708,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1708,8 +1708,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, auth.status_code) self.assertEqual(httplib.CREATED, auth.status_code)
data = self.customdomain_ca_certificate_pem + \ _, ca_key_pem, csr, _ = createCSR(
self.customdomain_ca_key_pem + 'some garbage' parameter_dict['domain'])
_, ca_certificate_pem = self.ca.signCSR(csr)
data = ca_certificate_pem + ca_key_pem + 'some garbage'
upload = requests.put( upload = requests.put(
upload_url + auth.text, upload_url + auth.text,
data=data, data=data,
...@@ -1718,10 +1721,16 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1718,10 +1721,16 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
self.runKedifaUpdater() self.runKedifaUpdater()
with self.assertRaises(requests.exceptions.SSLError): result = self.fakeHTTPSResult(
self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
ca_certificate_pem,
der2pem(result.peercert)
)
self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'autocert', self.instance_path, '*', 'srv', 'autocert',
'_ssl_ca_crt_garbage.pem')) '_ssl_ca_crt_garbage.pem'))
...@@ -4666,6 +4675,10 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -4666,6 +4675,10 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'customdomainsslcrtsslkeysslcacrt.example.com') 'customdomainsslcrtsslkeysslcacrt.example.com')
_, cls.customdomain_ca_certificate_pem = cls.ca.signCSR(csr) _, cls.customdomain_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.sslcacrtgarbage_ca_key_pem, csr, _ = createCSR(
'sslcacrtgarbage.example.com')
_, cls.sslcacrtgarbage_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.ssl_from_slave_ca_key_pem, csr, _ = createCSR( _, cls.ssl_from_slave_ca_key_pem, csr, _ = createCSR(
'sslfromslave.example.com') 'sslfromslave.example.com')
_, cls.ssl_from_slave_ca_certificate_pem = cls.ca.signCSR(csr) _, cls.ssl_from_slave_ca_certificate_pem = cls.ca.signCSR(csr)
...@@ -4729,8 +4742,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -4729,8 +4742,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
}, },
'ssl_ca_crt_garbage': { 'ssl_ca_crt_garbage': {
'url': cls.backend_url, 'url': cls.backend_url,
'ssl_crt': cls.customdomain_ca_certificate_pem, 'ssl_crt': cls.sslcacrtgarbage_ca_certificate_pem,
'ssl_key': cls.customdomain_ca_key_pem, 'ssl_key': cls.sslcacrtgarbage_ca_key_pem,
'ssl_ca_crt': 'some garbage', 'ssl_ca_crt': 'some garbage',
}, },
'ssl_ca_crt_does_not_match': { 'ssl_ca_crt_does_not_match': {
...@@ -5345,10 +5358,16 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5345,10 +5358,16 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
parameter_dict parameter_dict
) )
with self.assertRaises(requests.exceptions.SSLError): result = self.fakeHTTPSResult(
self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.sslcacrtgarbage_ca_certificate_pem,
der2pem(result.peercert)
)
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_ca_crt_does_not_match(self): def test_ssl_ca_crt_does_not_match(self):
parameter_dict = self.parseSlaveParameterDict('ssl_ca_crt_does_not_match') parameter_dict = self.parseSlaveParameterDict('ssl_ca_crt_does_not_match')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment