From 054343149083cfcd117312e65cd6e2d4763c60ce Mon Sep 17 00:00:00 2001 From: Fabrice Reix Date: Sun, 11 Dec 2022 11:57:19 +0100 Subject: [PATCH] Refacto Test integ SSL --- .circleci/config.yml | 12 ++-- .github/workflows/test.yml | 4 +- bin/check/ad_hoc.sh | 4 +- bin/environment.sh | 1 + bin/test/test_prerequisites.ps1 | 9 ++- bin/test/test_prerequisites.sh | 12 ++-- integration/ssl/ca/cert.pem | 21 +++++++ integration/ssl/ca/cert.srl | 1 + integration/ssl/ca/key.pem | 27 +++++++++ integration/ssl/cacert.curl | 3 +- integration/ssl/cacert.hurl | 4 +- integration/ssl/cacert.options | 2 +- integration/ssl/cacert.windows.allowfailure | 0 integration/ssl/cacert_selfsigned.curl | 1 + integration/ssl/cacert_selfsigned.exit | 1 + integration/ssl/cacert_selfsigned.hurl | 5 ++ integration/ssl/cacert_selfsigned.options | 2 + integration/ssl/cert.pem | 30 ---------- integration/ssl/client/cert.pem | 19 ++++++ integration/ssl/client/csr.pem | 16 +++++ integration/ssl/client/key.pem | 27 +++++++++ integration/ssl/generate_keys.sh | 22 +++++++ integration/ssl/key.pem | 52 ---------------- integration/ssl/options.curl | 2 +- integration/ssl/options.hurl | 2 +- integration/ssl/server.py | 60 ++++++++++++++++--- integration/ssl/server/cert.pem | 20 +++++++ integration/ssl/server/cert.selfsigned.pem | 22 +++++++ integration/ssl/server/csr.pem | 16 +++++ integration/ssl/server/key.pem | 27 +++++++++ integration/test_hurl.py | 12 +++- packages/hurl/tests/cert.pem | 30 ---------- packages/hurl/tests/libcurl.rs | 6 +- .../hurl/tests/server_cert_selfsigned.pem | 22 +++++++ 34 files changed, 345 insertions(+), 149 deletions(-) create mode 100644 integration/ssl/ca/cert.pem create mode 100644 integration/ssl/ca/cert.srl create mode 100644 integration/ssl/ca/key.pem create mode 100644 integration/ssl/cacert.windows.allowfailure create mode 100644 integration/ssl/cacert_selfsigned.curl create mode 100644 integration/ssl/cacert_selfsigned.exit create mode 100644 integration/ssl/cacert_selfsigned.hurl create mode 100644 integration/ssl/cacert_selfsigned.options delete mode 100644 integration/ssl/cert.pem create mode 100644 integration/ssl/client/cert.pem create mode 100644 integration/ssl/client/csr.pem create mode 100644 integration/ssl/client/key.pem create mode 100755 integration/ssl/generate_keys.sh delete mode 100644 integration/ssl/key.pem create mode 100644 integration/ssl/server/cert.pem create mode 100644 integration/ssl/server/cert.selfsigned.pem create mode 100644 integration/ssl/server/csr.pem create mode 100644 integration/ssl/server/key.pem delete mode 100644 packages/hurl/tests/cert.pem create mode 100644 packages/hurl/tests/server_cert_selfsigned.pem diff --git a/.circleci/config.yml b/.circleci/config.yml index 5494f7481..f878d0201 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,18 +26,14 @@ jobs: name: Tests units and integration tests command: | python3 -m pip install --upgrade pip --quiet - pip3 install --requirement bin/requirements-frozen.txt - mitmdump --version - export PATH="$PWD/target/debug:$PATH" - cd integration - python3 server.py >server.log 2>&1 & - python3 ssl/server.py >server-ssl.log 2>&1 & - mitmdump -p 8888 --modify-header "/From-Proxy/Hello" >mitmdump.log 2>&1 & + bin/test/test_prerequisites.sh echo "================= Tests units =================" cargo test --features strict --verbose --color always mitmdump --version pip3 install lxml bs4 - echo "================= Integration tests =================" + echo "================= Integration tests =================" + export PATH="$PWD/target/debug:$PATH" + cd integration python3 ./integration.py ./test_curl_commands.sh $(find ./tests_ok -maxdepth 1 -type f -name '*.curl' ! -name '*windows*') python3 ./test_html_output.py tests_ok/*.html diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ec2283e10..1fc1c7990 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -307,7 +307,5 @@ jobs: with: name: tests-win64-${{ matrix.rust }}-artifacts path: | - integration/mitmdump.log - integration/server.log - integration/server-ssl.log + integration/*.log diff --git a/bin/check/ad_hoc.sh b/bin/check/ad_hoc.sh index a8014f126..42ad19b30 100755 --- a/bin/check/ad_hoc.sh +++ b/bin/check/ad_hoc.sh @@ -28,10 +28,10 @@ while read -r script ; do fi done < <(find . -type f -name "*.sh") -# Check *sh error handling at line 2 +# Check *sh error handling at first uncommented line echo "------------------------------------------------------------------------------------------" while read -r script ; do - if [ "$(head -2 "$script" | tail -1 | grep -c "set -Eeuo pipefail" || true)" -eq 0 ] ; then + if [ "$(grep -Ev "^$|^#" "$script" | head -1 | grep -c "set -Eeuo pipefail" || true)" -eq 0 ] ; then echo "Missing [set -Eeuo pipefail] in ${color_red}${script}${color_reset}" ((errors_count++)) else diff --git a/bin/environment.sh b/bin/environment.sh index e23694c2e..fff407c39 100755 --- a/bin/environment.sh +++ b/bin/environment.sh @@ -4,3 +4,4 @@ set -Eeuo pipefail uname -a python3 -V +date diff --git a/bin/test/test_prerequisites.ps1 b/bin/test/test_prerequisites.ps1 index 1bcfa521c..174337664 100644 --- a/bin/test/test_prerequisites.ps1 +++ b/bin/test/test_prerequisites.ps1 @@ -23,10 +23,15 @@ if ($LASTEXITCODE) { Throw } sleep 5 if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8000) {powershell write-host -foregroundcolor Green "server is up"} else {powershell write-host -foregroundcolor Red "server is down" ; exit 1} -Start-Process powershell -WindowStyle Hidden { python ssl/server.py 2>&1 > server-ssl.log } +Start-Process powershell -WindowStyle Hidden { python ssl/server.py 8001 ssl/server/cert.selfsigned.pem false 2>&1 > server-ssl-selfsigned.log } if ($LASTEXITCODE) { Throw } sleep 5 -if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8001) {powershell write-host -foregroundcolor Green "server-ssl up"} else {powershell write-host -foregroundcolor Red "server-ssl is down" ; exit 1} +if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8001) {powershell write-host -foregroundcolor Green "server-ssl-selfsigned up"} else {powershell write-host -foregroundcolor Red "server-ssl-selfsigned is down" ; exit 1} + +Start-Process powershell -WindowStyle Hidden { python ssl/server.py 8002 ssl/server/cert.pem false 2>&1 > server-ssl-signedbyca.log } +if ($LASTEXITCODE) { Throw } +sleep 5 +if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8002) {powershell write-host -foregroundcolor Green "server-ssl-signedbyca up"} else {powershell write-host -foregroundcolor Red "server-ssl-signedbyca is down" ; exit 1} cd $actual_dir diff --git a/bin/test/test_prerequisites.sh b/bin/test/test_prerequisites.sh index a0a0682bf..0aaa3a828 100755 --- a/bin/test/test_prerequisites.sh +++ b/bin/test/test_prerequisites.sh @@ -34,14 +34,18 @@ echo "----- start servers -----" cd integration echo -e "\n------------------ Starting server.py" -(python3 server.py 2>&1 || true) & +(python3 server.py >server.log 2>&1 || true) & check_listen_port "server.py" 8000 -echo -e "\n------------------ Starting ssl/server.py" -(python3 ssl/server.py 2>&1 || true) & +echo -e "\n------------------ Starting ssl/server.py (Self-signed certificate)" +(python3 ssl/server.py 8001 ssl/server/cert.selfsigned.pem false > server-ssl-selfsigned.log 2>&1 || true) & check_listen_port "ssl/server.py" 8001 +echo -e "\n------------------ Starting ssl/server.py (Signed by CA)" +(python3 ssl/server.py 8002 ssl/server/cert.pem false > server-ssl-signedbyca.log 2>&1 || true) & +check_listen_port "ssl/server.py" 8002 + echo -e "\n------------------ Starting mitmdump" -(mitmdump --listen-host 127.0.0.1 --listen-port 8888 --modify-header "/From-Proxy/Hello" 2>&1 ||true) & +(mitmdump --listen-host 127.0.0.1 --listen-port 8888 --modify-header "/From-Proxy/Hello" >mitmproxy.log 2>&1 ||true) & check_listen_port "mitmdump" 8888 diff --git a/integration/ssl/ca/cert.pem b/integration/ssl/ca/cert.pem new file mode 100644 index 000000000..1d09342dc --- /dev/null +++ b/integration/ssl/ca/cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgzCCAmugAwIBAgIULgaCRCFbIk6fn9KoYciWtRi7kWcwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By +aW5nZmllbGQxDDAKBgNVBAoMA0RpczENMAsGA1UEAwwEbXlDQTAeFw0yMjEyMTEx +MDQ3NTlaFw0yNTA5MzAxMDQ3NTlaMFExCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZE +ZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQKDANEaXMxDTALBgNV +BAMMBG15Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+3yem0jTe +gvtqH8+pJmwL6C0lqn1ejLhQOKb3fWX+9BYQgC6rlL+A51gOhILN/GVQBWlbgn6f +PetBkyzwjwzNYp0rAOC1QtGKRUdNbhNa8k7YMLC/11TwNzMz9Ox1swhmpyCmv19P +T7Jkyol0Va6Dg8uoEY4PzyJuaQMK4qbUtndRTQjMKtM9NsOlSBr5qf26lhL/6vgK +zNu56jpxi2dzfGTXay2joYNTFxOzFZVDBkshIMLIZRdp9chLwVkCLGoPPz7daDga +ZJbmbeHMuOHSfBOhYSN6TLG0NppJQczRWR7c9Huzdl12cccUjM6PVKVa9gIP/fE9 +zsfyhfSDKP/xAgMBAAGjUzBRMB0GA1UdDgQWBBTy4JnGE1lLEBZYQceQzravHH/v +9TAfBgNVHSMEGDAWgBTy4JnGE1lLEBZYQceQzravHH/v9TAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB00VyEFJJwOd8SyWZ8Nb7UuO0RpoTvGq+B +pQVPhHa4Q3thTdP0A52TvO1TREonWQyQ1P9WUg8/E6Jo4FE0UOURN7fLHmjjAPSf +fa5N+kB6LXS/FRUwBNPNDevcQFI5G7zI3x29H/WlBNpZAgZhg+/mPmTyUdfOxqc9 +5Q/0uOWWX5V6TH0Bfw2iYr88TvjUBQJcgy3I5wyJNDdrcgI8Dij0HWnnGBpYhwIK +2hb6CExOURq+7cYu9vPxhnqY5s2XZdaPnHZIO3S5jUO5NsRS6NEYT4OI4hZ5o/e1 +uk39qQbEP8K4tv/FGKfN+wajkNBED+vDBrKHR9Jz4veXTS/v+08V +-----END CERTIFICATE----- diff --git a/integration/ssl/ca/cert.srl b/integration/ssl/ca/cert.srl new file mode 100644 index 000000000..23c8835cb --- /dev/null +++ b/integration/ssl/ca/cert.srl @@ -0,0 +1 @@ +3E23BB8721F8108536C272C96434D615D18C6915 diff --git a/integration/ssl/ca/key.pem b/integration/ssl/ca/key.pem new file mode 100644 index 000000000..2b6414ee8 --- /dev/null +++ b/integration/ssl/ca/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAvt8nptI03oL7ah/PqSZsC+gtJap9Xoy4UDim931l/vQWEIAu +q5S/gOdYDoSCzfxlUAVpW4J+nz3rQZMs8I8MzWKdKwDgtULRikVHTW4TWvJO2DCw +v9dU8DczM/TsdbMIZqcgpr9fT0+yZMqJdFWug4PLqBGOD88ibmkDCuKm1LZ3UU0I +zCrTPTbDpUga+an9upYS/+r4Cszbueo6cYtnc3xk12sto6GDUxcTsxWVQwZLISDC +yGUXafXIS8FZAixqDz8+3Wg4GmSW5m3hzLjh0nwToWEjekyxtDaaSUHM0Vke3PR7 +s3ZddnHHFIzOj1SlWvYCD/3xPc7H8oX0gyj/8QIDAQABAoIBAQCGhCiiteRSqMbc +7Nxh3lUpMxCWSgge2VeQGcz6AKMgQg9Gw7+gZq1sAB6b5KF24Bjag2XT+yyXt4CT +71AtnPMt0ADp7K1wsU2Rf++XTytO3hPY4r++A9i1joGEbWk0Ld+O0Nv/CEH4WDdm +NyMWHMhnoTunD/ApjhY678EYK9HdeB6XTIoMtvhHz2Ll7mN4A0cJf0pzgBz/mj4N +00NCHB+liyETiIdaXBrmW6LVuzz47uQdFRvxIHmku2MxteLY04NfH9ls4/YUl7NJ +gdMJwGQV1Q8DVzBX+MSMCih6CTXQGCcTeAbvznPCUDM9yshjKBfvIZhSbIDbqIIp +NBnEAqFRAoGBAOpHsPnoJqb7P6Fc1LuxhQqG67Sma0cDlDYZ+9FZmCFnWHHPobh6 +6TdurlP6WgTrQSgw64UbRfw4B6xcInjRXZU3QnKRDCBpzJmOqELag0HX18v+Lh8d +u9wx1r3y6Iv29WjGhJjpy1NUjrxsawq30Mv31qYolmluocuFdT0TLi0FAoGBANCR +OjBlEnNr4vRh3L9crm+gEUkRHR4diOguUMmEgGzMVZM6GwqDS8IWYQm4T58m5qW0 +//E8W9r3Gv0YkcwmX+YmZKG0RZhOBK1C0H+G6WtgtDRvd+GQT8g9vEg4E4QferC4 +CJFnyxFPuwxO+7PQECDkYtVIeAj5oXMvaZ2oZBr9AoGBAJE8aGZEmNGjqEqsdeT1 +o/hms/CFyrN3cIYpjYa2+CydGKNViHgJGlMW9lNxPCUYgogb66XUxooZYghkBarI +gC9k1niXmuDtNb1sRrtLI1vKJyl7JbR8hl13OB0BXVCHhJOznbf+F+JM5T/CJom6 +cmI//n17Y+NwhjTZQ1jdbx7RAoGBAMGRh4fSxkUJJCHbkZyoz9wZmvFNSNDiaGXU +VnYw22AeZG23x9EB+hWv32+992emGvo/+ipR8o5OOGYdn3LxSp+3kj3hqZWpEv4a +vJcfBxP5NEZWDdTyspkNcukz4ikFbkEFDC6nPfhbHyZVR5WizNU6IeAA2ia6R/U3 +U7ZWylGhAoGBAKEe2zTwMYLyjFuXO14Y6OO5HybEu0HaibTyC/QzYSAq353mn6By +S9MaSwX3G8MvNmD+XlHFlZl6t4X/qP9o7hOfRlYYjK+4j3bOLwWnvCWYqAtpe3er +ttC37xDePwYbit4m8s6j6FSTvF5pK9IPsNWDccPillSmGfWKoYvZ80Mf +-----END RSA PRIVATE KEY----- diff --git a/integration/ssl/cacert.curl b/integration/ssl/cacert.curl index df1692ff1..d4f04257f 100644 --- a/integration/ssl/cacert.curl +++ b/integration/ssl/cacert.curl @@ -1,2 +1 @@ -curl --cacert ssl/cert.pem 'https://localhost:8001/hello' -curl --cacert ssl/cert.pem 'https://localhost:8001/hello' +curl --cacert ssl/ca/cert.pem 'https://localhost:8002/hello' diff --git a/integration/ssl/cacert.hurl b/integration/ssl/cacert.hurl index 220f13b9f..1a3a8b26d 100644 --- a/integration/ssl/cacert.hurl +++ b/integration/ssl/cacert.hurl @@ -1,7 +1,5 @@ -GET https://localhost:8001/hello +GET https://localhost:8002/hello HTTP 200 `Hello World!` -GET https://localhost:8001/hello -HTTP 200 diff --git a/integration/ssl/cacert.options b/integration/ssl/cacert.options index 9d61a4c47..e749c0097 100644 --- a/integration/ssl/cacert.options +++ b/integration/ssl/cacert.options @@ -1,2 +1,2 @@ --cacert -ssl/cert.pem +ssl/ca/cert.pem diff --git a/integration/ssl/cacert.windows.allowfailure b/integration/ssl/cacert.windows.allowfailure new file mode 100644 index 000000000..e69de29bb diff --git a/integration/ssl/cacert_selfsigned.curl b/integration/ssl/cacert_selfsigned.curl new file mode 100644 index 000000000..92c4cd10a --- /dev/null +++ b/integration/ssl/cacert_selfsigned.curl @@ -0,0 +1 @@ +curl --cacert ssl/server/cert.selfsigned.pem 'https://localhost:8001/hello' diff --git a/integration/ssl/cacert_selfsigned.exit b/integration/ssl/cacert_selfsigned.exit new file mode 100644 index 000000000..573541ac9 --- /dev/null +++ b/integration/ssl/cacert_selfsigned.exit @@ -0,0 +1 @@ +0 diff --git a/integration/ssl/cacert_selfsigned.hurl b/integration/ssl/cacert_selfsigned.hurl new file mode 100644 index 000000000..34ed078da --- /dev/null +++ b/integration/ssl/cacert_selfsigned.hurl @@ -0,0 +1,5 @@ +GET https://localhost:8001/hello + +HTTP 200 +`Hello World!` + diff --git a/integration/ssl/cacert_selfsigned.options b/integration/ssl/cacert_selfsigned.options new file mode 100644 index 000000000..ff630cb57 --- /dev/null +++ b/integration/ssl/cacert_selfsigned.options @@ -0,0 +1,2 @@ +--cacert +ssl/server/cert.selfsigned.pem diff --git a/integration/ssl/cert.pem b/integration/ssl/cert.pem deleted file mode 100644 index 285813311..000000000 --- a/integration/ssl/cert.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFJDCCAwwCCQCd0fJr/BSNeTANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJV -UzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDENMAsGA1UECgwE -SHVybDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMTAxOTE1MjI0MFoXDTIzMTAx -OTE1MjI0MFowVDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjERMA8GA1UE -BwwIUG9ydGxhbmQxDTALBgNVBAoMBEh1cmwxEjAQBgNVBAMMCWxvY2FsaG9zdDCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/1+4vGNvLtrEeYUP6BR1Oj -Y/2wiCWDWrbOQZor4meAaJpFRff3twUKqGPlavwCkteQ/XmrcMEMRatEzqA3Q0q4 -rXRE3V2dRcryCr4Qy0lypQHipRTCFlnRmyfnvgS/FWcTNyU2KW8k+vMQ5LPwIcie -axXEpVzI50eypmP47yIi8NrUhgUlG+TNUqvPJPnu+RRWQ4NR7bCC+CY/Qr8ftuK/ -F6zJeh16+KIZgHEgIa9h3KQkZZZxclBI9xyw7TjmnHOFVE0WKi+v1HOVeeZM1kPl -fggF6xnt6bWzO0u9zNKpT381hVd9hje/gUIOoiGkCgJJtDDb7O8ewVWPzQ7bN15K -BCCq/w9Lexey9tP5cXb8Y4aJUBJZAPg61rC/yQ/C5E2dgRPKu8RPByi4/NT2PE5S -jNz0Yk+5I+/s6Glw/iBOaxUPxw9bD2Lp3gEc8u+2gPF6JX2UpPxq5UgG/Uc6TQ5G -QsOHnge6pjud/qfRpH7O55zmkN/Xmra+mD11ikGWQ+GjIdcsVCA4nGgH+PJxraOF -5v0DTvL7aVAcMU/rSXWJ3T7xy+6wIOlKNODGvDg/Xvp73SrT2CjCS//5OBwkdJX4 -EGZDOVYX87j+I+QTwa7ckIZo5vqI/XbtfmdwUPoa8bb3G5T1EBtpm3tuW73TgUS/ -0ZGwYlhzyV6T4nbaxjwxAgMBAAEwDQYJKoZIhvcNAQELBQADggIBACi3NM5G274m -BkFBSh2NhKGq+mJk9OJIMCd4Wfc9kZXzo8Hbtx8SxsiW5fvLwCBxYDVJZrtfiG5P -E9mkldZeVdDyf5dNSwAeoBbkxLSjjmuuit9/xYkrWqe3d5FuvkZHy3PZMc05PONm -f5qkd6u/K31Xtg+9R0X11sonu8jIExJ1HTKyJc2QIU7+Ql1ruFQ5zGRbp8lj6O13 -ecYuL1kG7On5wjK8th/XI7W40Z6vImqsWrFXvp+iWf46/aL4igI3q3+2Lihe9/30 -4Y/41jm5vwMnS18IRG5q8GMnV284/AlIlYzcSPwMSSgqQ5wCbNy/3u+hgHSQKykh -m139bcVubpBJThpVrdSgXGyMiOZ7XaUa053+T80LvNu8ztuij4TCVeBViBRdyyT4 -FW3lPT53F0khKACxpyeZYCrIf9KphUfzKulwa6Eb9zRWFJ3PlCgiA4DKzTbjxW5N -mxkogznqaf3+Osk7X20oDbp3AK5kL328qbLJyxqvWhsendWMI4aICc7zgE8gUrTh -gP4SAv6iZ569DfmpN8BZ7S7vZpI7bog245JMZYu0Tm7BAplK90SmJzcfFmWK7D9H -zNPEp9hJi1r/gEux474ClWEBIS/kNout22cfrzzNgfArdHMb0qA0hA7JcofF4nO6 -ZFsWddV8b4a7jjfZ5ZkIDOwDfweoxi/E ------END CERTIFICATE----- diff --git a/integration/ssl/client/cert.pem b/integration/ssl/client/cert.pem new file mode 100644 index 000000000..40f43e42b --- /dev/null +++ b/integration/ssl/client/cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKzCCAhMCFD4ju4ch+BCFNsJyyWQ01hXRjGkUMA0GCSqGSIb3DQEBCwUAMFEx +CzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2Zp +ZWxkMQwwCgYDVQQKDANEaXMxDTALBgNVBAMMBG15Q0EwHhcNMjIxMjExMTA0ODAw +WhcNMjUwMzE1MTA0ODAwWjBTMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGRGVuaWFs +MRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UECgwDRGlzMQ8wDQYDVQQDDAZj +bGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuW794yopiDDwt +sCr5bBhUaIN93k7x7guvZMZjNQXrQ9zXzX+iWg+4xg8qr6hK67G0yd5O+lhVbd8o +zsclAd2ZVg6KEwbkcMM0SlXTLndaaXg98dAHHiYTv1vMUZ+r9C6+SNi9sjhTH9mA +bkY/rRpysYbIQ+dFo6zHu5q80pMOLJ+SuIMp0wucyJeQJeG5FC7BqZ6H9NGZiFVq +d1qvEpiyeSLmZBH1TeNnvzU5ZndWstTeM6jOeLjd1YU6Bv3q/68E++VhS/GkO6Eo +9vIJJoPEXLwynHYsEpkBktQrqaz9PhmwlgT9lhVA8mI/LAu4FuNWbNlrnGaCV5kf +VKrjRWddAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGiAxpUP24hEttO/n2JYngYE +Z1rnFfMlkq0xoe5SLrXAtmNqqqH7bo3C+vwQ+WloYzDQFwwxLLi3ZX6jw0aQTG0I +eOJIUk02tKB55iqvvBRKuNgK5CaynFX5GKCH7d8oIn6Qa+yUVX1z+LPJyadSw/pc +iJgjOCdV6bSGFV/omKcHmMCyOwfLqvBgElhRCpJzUwQrBMLDFzV0zVfXloW8/xkG +S2KM019Nnz8E3CR0rCygpJWGjqwJN6//PvMPtXW2EYct3SEu3fVVpebQkBT4RKIB +QEjLWVQlYyIzEmLV9K4l2d3pE/GdfJXcpBai1Fw//V9d+Y2WwqW8UXAUd/1RDjA= +-----END CERTIFICATE----- diff --git a/integration/ssl/client/csr.pem b/integration/ssl/client/csr.pem new file mode 100644 index 000000000..d2414e4fa --- /dev/null +++ b/integration/ssl/client/csr.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICmDCCAYACAQAwUzELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG +A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEPMA0GA1UEAwwGY2xpZW50 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lu/eMqKYgw8LbAq+WwY +VGiDfd5O8e4Lr2TGYzUF60Pc181/oloPuMYPKq+oSuuxtMneTvpYVW3fKM7HJQHd +mVYOihMG5HDDNEpV0y53Wml4PfHQBx4mE79bzFGfq/QuvkjYvbI4Ux/ZgG5GP60a +crGGyEPnRaOsx7uavNKTDiyfkriDKdMLnMiXkCXhuRQuwameh/TRmYhVandarxKY +snki5mQR9U3jZ781OWZ3VrLU3jOozni43dWFOgb96v+vBPvlYUvxpDuhKPbyCSaD +xFy8Mpx2LBKZAZLUK6ms/T4ZsJYE/ZYVQPJiPywLuBbjVmzZa5xmgleZH1Sq40Vn +XQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAdA7I9hmRUi9lVYcYyYLS4hzC6Q +HU6SRXLWrJfszGv/uCKVfE9l/QdVhlskwpKBcXnAY6ZjhNnbf27dEYiMnkbf1DND +KaXx7VthuoJFrM4Rm1p3guI07r44r4uqxVjAWYRykgbfc4sacUvqhBBLS8lNvOdl +eb88/nDabHgE2Ve9QWQJG1K2SgCVBlq3K3U6QuziS/9XR2T0Un5nNqYoKGL96x9W +j1Zy0JR9X6N0QrIpX4YSm6/gGS3DkUgDXmsPittYZN7qkvmq4LG92n90qv1R9k9l +lHlcql0FLA0hWj9Gz5hKc/8On4DxeCRfAOOUx3L6aW142uCyakzpR+hq5ao= +-----END CERTIFICATE REQUEST----- diff --git a/integration/ssl/client/key.pem b/integration/ssl/client/key.pem new file mode 100644 index 000000000..fb9d9d89c --- /dev/null +++ b/integration/ssl/client/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA7lu/eMqKYgw8LbAq+WwYVGiDfd5O8e4Lr2TGYzUF60Pc181/ +oloPuMYPKq+oSuuxtMneTvpYVW3fKM7HJQHdmVYOihMG5HDDNEpV0y53Wml4PfHQ +Bx4mE79bzFGfq/QuvkjYvbI4Ux/ZgG5GP60acrGGyEPnRaOsx7uavNKTDiyfkriD +KdMLnMiXkCXhuRQuwameh/TRmYhVandarxKYsnki5mQR9U3jZ781OWZ3VrLU3jOo +zni43dWFOgb96v+vBPvlYUvxpDuhKPbyCSaDxFy8Mpx2LBKZAZLUK6ms/T4ZsJYE +/ZYVQPJiPywLuBbjVmzZa5xmgleZH1Sq40VnXQIDAQABAoIBAB+HeVtkB0wS7D7q +57RYjRtVO9eBeZXc9CS+QtPKpr7JGkRdhX2XRi8d29G8rJlEdhxA+6wcx2R9hSBj +wcnuZj6rOH8hJy8+j0OydYnawqTuAJ7JBsh6P3UrQdxUC7f2M9ytzCXDllnAg8fO +TnKL1kzHmNmSydvXW7qL4VsKy7L7CL7RKH+qovOsTssiQHyhLtQTvLbRWc7oVcPm +Uzj2nQsuWiG4AFOp7gsenfYm9BNy2nP1lAZo/PFbSBBGd1oKKdHmEpY3+nQ0jE8E +KUMjUoN0KUb0SOnCd4cuBeE8RXH8PW1MucOj3dMs4dAgNrZpwZHbZeKM/6E3XERt +NkMKowECgYEA/Gb/ZhLN3RtBHIjIxI+XYdHSL00yDbnCxbkIhWeVCoz1xssh/G15 +/i2M0GC9wPisuw0pYN7snmgET+kH8g0TqFDrorscaoUbeLxsWcQOe/S85d6z1yJn +O8V8v2ohnZH6wcSg8yJPfUJviJTeiSNXZDy6fP6TyfNTkn4293971h0CgYEA8cGB +M/sy0Uxs+lnuAHY/PtQQ78JsC4l6tgvaSoHCTVVIJFI9cku5vXLB/5fQAsA3AZtp +bcPAzg37N8BAaIxX71A5WjxFxiJfuM/AAdy3PWLQZLDiN4/Bl5jxhUJ1DVCTp32R +V+Rhzp/YT9ibF20EAf2z53yR89/An3xOjav+EkECgYAij7/9LCoAUtERpTFIqRjj +jiWn0HxAIOWoyXN/QPXJog+tjvcyZ5NC2N3lUrnpCKQuYNj/qMbh0gB1KMWrwVql +u57og5Kai2t9lt+HUy9gjdyn5Vze4pkcOCii1VeRCgI6MkCPymz0C/rVyvzF7o7y +7NXkc7+s8aLJ9np0XYKJiQKBgQC8OS1wHEbff8JlVLkh8O6i6xdYpKXcgahhrm7B +ja+K6Dgn10PyBhVR89QpPLh+O8tX2/lEtaEajPYn3O4IuCQKtgpBQCYO8lpWmKFk +kcS07YdUrgcivTE75587Ypehyzd6syADL1QbPIZ8/CccIQt6xV1ZgLpeBrqBMZYz +ZVKGQQKBgDN/VrGz2U5pITPTxVq9QMP45Kx2Bqn1FgKC8lWk/JsNr92fd86zhgjL +zw1pjk48Txei6v6ztGndtYxtsb/VkpzZOCinTqzqvV4J7B0y3PhFuZqr9CctsKgN +avByESxil/TCwQ0SjUD5ecZGUW9Kw1V5+CqR7wYwO/qs7WQM4kmo +-----END RSA PRIVATE KEY----- diff --git a/integration/ssl/generate_keys.sh b/integration/ssl/generate_keys.sh new file mode 100755 index 000000000..9219d3ca3 --- /dev/null +++ b/integration/ssl/generate_keys.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# regenerate Cryptographic pairs: CA, client, server +set -Eeuo pipefail + +rm -rf ca client server +mkdir ca client server + +# CA +openssl genrsa -out ca/key.pem 2048 +openssl req -x509 -new -nodes -key ca/key.pem -sha256 -days 1024 -out ca/cert.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=myCA" + +# Client +openssl genrsa -out client/key.pem 2048 +openssl req -new -key client/key.pem -sha256 -out client/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=client" +openssl x509 -req -in client/csr.pem -CA ca/cert.pem -CAkey ca/key.pem -CAcreateserial -out client/cert.pem -days 825 -sha256 + +# Server +openssl genrsa -out server/key.pem 2048 +openssl req -x509 -new -nodes -key server/key.pem -sha256 -days 1024 -out server/cert.selfsigned.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" +openssl req -new -key server/key.pem -sha256 -out server/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" +openssl x509 -req -in server/csr.pem -CA ca/cert.pem -CAkey ca/key.pem -CAcreateserial -out server/cert.pem -days 825 -sha256 + diff --git a/integration/ssl/key.pem b/integration/ssl/key.pem deleted file mode 100644 index 1dd657174..000000000 --- a/integration/ssl/key.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDP9fuLxjby7axH -mFD+gUdTo2P9sIglg1q2zkGaK+JngGiaRUX397cFCqhj5Wr8ApLXkP15q3DBDEWr -RM6gN0NKuK10RN1dnUXK8gq+EMtJcqUB4qUUwhZZ0Zsn574EvxVnEzclNilvJPrz -EOSz8CHInmsVxKVcyOdHsqZj+O8iIvDa1IYFJRvkzVKrzyT57vkUVkODUe2wgvgm -P0K/H7bivxesyXodeviiGYBxICGvYdykJGWWcXJQSPccsO045pxzhVRNFiovr9Rz -lXnmTNZD5X4IBesZ7em1sztLvczSqU9/NYVXfYY3v4FCDqIhpAoCSbQw2+zvHsFV -j80O2zdeSgQgqv8PS3sXsvbT+XF2/GOGiVASWQD4Otawv8kPwuRNnYETyrvETwco -uPzU9jxOUozc9GJPuSPv7OhpcP4gTmsVD8cPWw9i6d4BHPLvtoDxeiV9lKT8auVI -Bv1HOk0ORkLDh54HuqY7nf6n0aR+zuec5pDf15q2vpg9dYpBlkPhoyHXLFQgOJxo -B/jyca2jheb9A07y+2lQHDFP60l1id0+8cvusCDpSjTgxrw4P176e90q09gowkv/ -+TgcJHSV+BBmQzlWF/O4/iPkE8Gu3JCGaOb6iP127X5ncFD6GvG29xuU9RAbaZt7 -blu904FEv9GRsGJYc8lek+J22sY8MQIDAQABAoICABPSp7qoFz7KxvxAGaBY5Fql -nXdmJ2QkBDaerIQsoLUq+U2TQtsjIq/5VxnGmY8SE7s2l+LMI8BTEiUENwnwmpp5 -xhbqJYux3SA+OCXr5eTHZ9EpMIEtCwJex4JjRaqgKEMeAsiqRALTLJSUzKgWQLIl -36FAkF6qy9j6v3+SEAFaAUlqrqe45NLHe5Ti9uxYCigVHPRcj+KeaVcD+rHLLRyq -CHCw99HtkdupwKOH444bLvP6gDB5+eKLQfrbJpGg8dLVJ7b9YOIQyZiG7Aq20knA -i2XqYoGjOv7V6dYLboW6G9jNWjt/vJZ9y61nRa8dOtMDAYkSvaABd35Xab17yegn -wJyGNS/nNf/rdpgOVJDNtni60Q3cHWgHEWnMpMm18xjd0t9lIRKwkd2s7Yjdnd5/ -me8z45LSQEb3L4Q1xYK4OZfp1H2gPC24WRnIg7O+gZIciwcVGJxE/GulwA0CXYT9 -vT+uzPHRQ7RiwEE1l3sFBX4DRj2GLUlOCKRNGviGgbPVsUyJfHWIAXwU0/Bl5BmW -q5u3mB/PoZYNI5FBX67+kdtaTiyRLJ7b5VFtyJxm7mhGoqtNIWGP4IZAjFlrOORB -knLHGzht2Ff+TDCGGtuRBpN66cVgNTOX23jlcOQhHqKtADjHZbhB2hoiR056bPOQ -FDuZqwV+FfVD19EYnAStAoIBAQD/fHVxT06ELyVeULrTNxQt1ezyc70D/J5HxaL5 -1NNK4fMxRNgCVu9XzKxi4Ivq0LoqWIfgWm1+G70k3FC6Vvbash3LeEP/4hTKXFqm -uS+RE1T7YyR65m7IqvD/1oPigofUEGmVFqPpr70IDKPaWwytx2JoAgTQWs3YF9Z3 -vogD24+GmhheYLGfV2ls6MlRXj1AHuyO9nVQOl3kU7dWlbTRtr0h8iTXLV7Ykckp -D6+8RaJw1vnvIhF6RtxuQkCQa1chlwxQ8OCxa1J73GQMsFURN0a5ViDZhe9MS2zT -y1PXigVn/V1HNdIEWYvZWM+EruJrx+M90vEj7b4rUXZj6HujAoIBAQDQYQ3+ZpmL -benUMo4mPlsCYZHVE6DPShfJ8ikat4fh05patOjhfseJ/q+xPZw6Jd4bJ7f4LH2M -/MGTnU/xOXBwjeP9MQZBU6n6WGDaZqdYT+AwW/8FrUksV5LPbnJEocbbA0oWEtGC -oRtv7lQ14CTctbiOsZLYlOHBvrf6Qqm785i+hHUhwSY1pbP4C4/JiSlDZYiEQJVI -cnPjoIUorqf/iwiL4oW5mB0hRMjjyd35NdD46dXtP4IlTocz0B3mo26u29omKdMo -ySepKVis0J3IzVLNonWyJd2Px7RLOiQ7/1OmB6WPq9R1BR9jxt1acUNDsf+CZNGw -1pzZ9CzT7SYbAoIBAQCCV2GnRDmfcFoVKwSVW0U9OSWgb/GfhhLONQM3iB+f1XR3 -z1KQpv+GgJH2A+7+BizkC7SOfjPcIZS2qHu7BUD9Q9+1fY7bjeDjeIh7BIFC92Tk -t6jV1pfwYl1/eFZiigt34kOrXxiS0SiUYbZ6YPcv9Ue8HkOMdLcNpuOwxZCovywT -FKyYAaa8zyCnAoAqtfRzsRMowI4LNyvNn/QqBUhxsVP+bIXlDW2U+ZNyEmGqoLAF -93cdS/k0s9AjpENCKrESHviWlr1bZpB3RnH4k0Fi/htj1I//ybfS6awExXfpv62Q -Zw9elBOoSnLxmMCORZaYPCsv0F1b4h+iA/ZtdB8XAoIBAHxnVQlqi4SYTB8pR4BB -fegABCZnn3vhyi4AatXOeEs0H1TD6LynCc2yxYVVOO3mKaGgps59ET+YrqDILC/h -kOVBcLl6CTf7EOGq3bfFzWaF2VxFsAzdlW/poHZCg+nBg4zBe/uNpJMOR+kdKh04 -AgnaW6KlFPxEdjtK919raRYSqkAjqCJMw9kHYlhV3rP9NStNdKEwRW+JFPLypEzT -aOzBPor0480XqVxxSlXj8KeVn3rbb6JCZhqLtWATgaZuL+gozSY3lh8laI4vZwdV -TL3TBvpJYWbIAGyUV2kJ/xPqrS/UJN2PQjnSoxjYYtJaCERkAh0Av8eJeP8OLa0g -Sb0CggEBALGf5fIghg96TklgUpy0nbUGLK3Dv2ESiRaaZGRshbXV+IR7rkmLHABp -znBCirS3iHi8cjS59KLBUspIh1kEad562La/Y/kDyNbBe4kzfz5nw4AohD9+2X/1 -QO2CxCwc/7FRfZVX3sBVeZ3rbQIwpURYvhaJ4Lqz5fPT/uTdZ6faCgshp+Lqpqcv -sNnqNtqW44Lao/+3QguCO5uW0ctG3mBK0gzNXtHS4GVNgEaF3W6sIz4ZX88KQPm9 -MR+BiwSkXNr4xcZcGukQTSyU3eYLyGB3heOyNH4vFtJm23VcmiHbZFwm/6Ktrd98 -RwTtQL6NJQXmQPjs6m6BotLyfNkXI34= ------END PRIVATE KEY----- diff --git a/integration/ssl/options.curl b/integration/ssl/options.curl index 0d8fb32a3..5392de09b 100644 --- a/integration/ssl/options.curl +++ b/integration/ssl/options.curl @@ -1,4 +1,4 @@ curl --insecure 'https://localhost:8001/hello' curl --insecure 'https://localhost:8001/hello' -curl --cacert ssl/cert.pem 'https://localhost:8001/hello' +curl --cacert ssl/server/cert.selfsigned.pem 'https://localhost:8001/hello' diff --git a/integration/ssl/options.hurl b/integration/ssl/options.hurl index 8d200246f..76dfa0278 100644 --- a/integration/ssl/options.hurl +++ b/integration/ssl/options.hurl @@ -18,7 +18,7 @@ HTTP 200 GET https://localhost:8001/hello [Options] -cacert: ssl/cert.pem # with a custom certificate +cacert: ssl/server/cert.selfsigned.pem # with a custom certificate HTTP 200 `Hello World!` diff --git a/integration/ssl/server.py b/integration/ssl/server.py index 69760198f..57501e12d 100755 --- a/integration/ssl/server.py +++ b/integration/ssl/server.py @@ -1,15 +1,61 @@ -#!/usr/bin/python -from flask import Flask -import os +#!/usr/bin/env python +# usage: ./server.py +# Start the server with or without client certificate authentication +import flask +import sys +import ssl -app = Flask(__name__) +app1 = flask.Flask("SSL Server") -@app.route("/hello") +@app1.route("/hello") def hello(): return "Hello World!" +def start_server(port, cert_file, use_client_certificate_authentication): + ssl_context = get_ssl_context(cert_file, use_client_certificate_authentication) + app1.run(port=port, ssl_context=ssl_context) + + +def get_ssl_context(cert_file, use_client_certificate_authentication): + ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + if use_client_certificate_authentication: + ssl_context.verify_mode = ssl.CERT_REQUIRED + ssl_context.load_verify_locations("ssl/ca/cert.pem") + ssl_context.load_cert_chain(cert_file, "ssl/server/key.pem") + return ssl_context + + +def print_usage_and_exit(): + print( + "usage: ./server.py " + ) + sys.exit(1) + + +def main(): + if len(sys.argv) < 4: + print_usage_and_exit() + + port = int(sys.argv[1]) + cert_file = sys.argv[2] + if sys.argv[3] == "true": + use_client_certificate_authentication = True + elif sys.argv[3] == "false": + use_client_certificate_authentication = False + else: + print_usage_and_exit() + + print("Starting SSL Server") + print(" port: " + str(port)) + print(" cert file: " + cert_file) + print( + " using client Certificate Authentication: " + + ("yes" if use_client_certificate_authentication else "no") + ) + start_server(port, cert_file, use_client_certificate_authentication) + + if __name__ == "__main__": - ssl_dir = os.path.dirname(os.path.realpath(__file__)) - app.run(port=8001, ssl_context=(ssl_dir + "/cert.pem", ssl_dir + "/key.pem")) + main() diff --git a/integration/ssl/server/cert.pem b/integration/ssl/server/cert.pem new file mode 100644 index 000000000..cec25dbf1 --- /dev/null +++ b/integration/ssl/server/cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLjCCAhYCFD4ju4ch+BCFNsJyyWQ01hXRjGkVMA0GCSqGSIb3DQEBCwUAMFEx +CzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2Zp +ZWxkMQwwCgYDVQQKDANEaXMxDTALBgNVBAMMBG15Q0EwHhcNMjIxMjExMTA0ODAw +WhcNMjUwMzE1MTA0ODAwWjBWMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGRGVuaWFs +MRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UECgwDRGlzMRIwEAYDVQQDDAls +b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYCR1NeBWB +ToW5CNCNhgsnitWGFkeQL3j5fCgMrblHTu2EI2MTQXDyzzJEDPYDBxAfQYYevl8k +76ioPe1UMkeG3NooJR5sCDBScAUiITruqmKv+QRiH4fhcOGs2+LyChzVdvmB+BRw +PTnogx9QO614BRy+mznrNvczjuxbz9Y8ChEl5/ELvtS1xyAOucgjFPqElIG/nzMr +bVaznRfwRVleeU7E0atINk82e/r5Rp0/yzOuNu5jDux3MiY6MwFccXv7B3u3/afS +Kin6d3SLhK3aV440seZOw1Ejg+FbL5/kwuvv67FkHyAE38pu0TQCHLZFWUs8O9ye +EWQZUWDMkS8xAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAQieTINj9BBENHmpOR1 +Vjec1vQPpG5+l3+OCBn4SvH6MYJN4fWc3jJT++wvmA+f8/bPWatrjxctp0r3w6He +HREzZj1TsKTNogPJu3hp/VBeDFjN6vkB8W0tVI63lFmUAZ1g4HKTU6vtMkrVxtPg +aPIzmVfLnInohu0d+ifjRhWJRFrjBeSN9mVhf8JZMU54btCKFYOLveQXqNBF178M +QE5Jl8PZXo/oo/2yO21L1CKgIzKPoZnfB2/nfVDFeRi4UExmwC5MnTUl4Zx6H2HK +WyXdVCdhqOMzEoqP6IV1env1oUXNVg9aGr/YZdEUuz4phHgi8AjYjUl+BV0JiE4n +NWM= +-----END CERTIFICATE----- diff --git a/integration/ssl/server/cert.selfsigned.pem b/integration/ssl/server/cert.selfsigned.pem new file mode 100644 index 000000000..287601d08 --- /dev/null +++ b/integration/ssl/server/cert.selfsigned.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIUHuixfxtk2Naz3ocBA9Kk9TNTWrAwDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By +aW5nZmllbGQxDDAKBgNVBAoMA0RpczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIz +MDExMDA4Mjk1MloXDTI1MTAzMDA4Mjk1MlowVjELMAkGA1UEBhMCVVMxDzANBgNV +BAgMBkRlbmlhbDEUMBIGA1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczES +MBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA2AkdTXgVgU6FuQjQjYYLJ4rVhhZHkC94+XwoDK25R07thCNjE0Fw8s8yRAz2 +AwcQH0GGHr5fJO+oqD3tVDJHhtzaKCUebAgwUnAFIiE67qpir/kEYh+H4XDhrNvi +8goc1Xb5gfgUcD056IMfUDuteAUcvps56zb3M47sW8/WPAoRJefxC77UtccgDrnI +IxT6hJSBv58zK21Ws50X8EVZXnlOxNGrSDZPNnv6+UadP8szrjbuYw7sdzImOjMB +XHF7+wd7t/2n0iop+nd0i4St2leONLHmTsNRI4PhWy+f5MLr7+uxZB8gBN/KbtE0 +Ahy2RVlLPDvcnhFkGVFgzJEvMQIDAQABo1MwUTAdBgNVHQ4EFgQUM24E9nTNu0Gr +9MMcwDDQT2staXAwHwYDVR0jBBgwFoAUM24E9nTNu0Gr9MMcwDDQT2staXAwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATncyirLM2hRDdogwlY1m +4cj5juYMZb3OoLW3PvMr3xHmD7x4mh1RtYEysw+ue5XNkmxR6lZOOEXfa5WKLtjY +o0SeXHNFryaOgsqzjUheieMJqYdpYGhdho9KqshZEACQeSEuzu9fH6lrzJei1nzB +rF6PfR7nvQBZCtNhuCP4Wbu/8cM9QScZAT/MiQ6p7uGx8j49/givi1rKtB0d4UW6 +iZFDoLuG4aAlWiqoZ+M1rv/1tXVqtZXwfxehkfDzOGoNcjhDpPIoEXK32VX6C7D0 +xeBlgImjzDTo/kOaDOMOTIYvrotu2q8HiRMrMGkFWirLjzRT+5X6GLI1kzsBp8pw +6Q== +-----END CERTIFICATE----- diff --git a/integration/ssl/server/csr.pem b/integration/ssl/server/csr.pem new file mode 100644 index 000000000..482bf2b82 --- /dev/null +++ b/integration/ssl/server/csr.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICmzCCAYMCAQAwVjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG +A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczESMBAGA1UEAwwJbG9jYWxo +b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AkdTXgVgU6FuQjQ +jYYLJ4rVhhZHkC94+XwoDK25R07thCNjE0Fw8s8yRAz2AwcQH0GGHr5fJO+oqD3t +VDJHhtzaKCUebAgwUnAFIiE67qpir/kEYh+H4XDhrNvi8goc1Xb5gfgUcD056IMf +UDuteAUcvps56zb3M47sW8/WPAoRJefxC77UtccgDrnIIxT6hJSBv58zK21Ws50X +8EVZXnlOxNGrSDZPNnv6+UadP8szrjbuYw7sdzImOjMBXHF7+wd7t/2n0iop+nd0 +i4St2leONLHmTsNRI4PhWy+f5MLr7+uxZB8gBN/KbtE0Ahy2RVlLPDvcnhFkGVFg +zJEvMQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAE9eYEGSUA9FanlRtLKKAnWe +3fVp7jiiBm+6FX8o+IGw9cVjcJp2kBpAk/6PqUn+UAsojBJDOpQ6qDeGFfQ2zd8p +bUOoxXeecGBARdjoRAC4spEHNlsXI5Di1iEuIOGT+6wueh/sVjrOc7wV5nwGxQzx +3hCCeU0hKiDbIIjaIPY8kj6BEbbkr+3gjaeSuczP4hFe/76SuswZNPDcZ8JB3xys +mMqFkyjwH5OsmA/a4YGv7IvkmdGyrV0mOhq7hfCCID+trEzJ1LMGJlxzSer+Kus5 +DpsBhvD6vGIs3P9LWa+xY2lhPAksxxo6QvVKmZ5FqWZnNnB6thVpPeN1cLog1ik= +-----END CERTIFICATE REQUEST----- diff --git a/integration/ssl/server/key.pem b/integration/ssl/server/key.pem new file mode 100644 index 000000000..ecd5450ea --- /dev/null +++ b/integration/ssl/server/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA2AkdTXgVgU6FuQjQjYYLJ4rVhhZHkC94+XwoDK25R07thCNj +E0Fw8s8yRAz2AwcQH0GGHr5fJO+oqD3tVDJHhtzaKCUebAgwUnAFIiE67qpir/kE +Yh+H4XDhrNvi8goc1Xb5gfgUcD056IMfUDuteAUcvps56zb3M47sW8/WPAoRJefx +C77UtccgDrnIIxT6hJSBv58zK21Ws50X8EVZXnlOxNGrSDZPNnv6+UadP8szrjbu +Yw7sdzImOjMBXHF7+wd7t/2n0iop+nd0i4St2leONLHmTsNRI4PhWy+f5MLr7+ux +ZB8gBN/KbtE0Ahy2RVlLPDvcnhFkGVFgzJEvMQIDAQABAoIBAQCNT0jvh4Dpl+c4 +ZV+lcuyQ7OtGTgR5d9P1vRSlVm0/C42pRUxlKAUtjgIfKSsyR8hv6XhFW9j4XBtC +EV/QFyNaP9QjNkRz/dc91TBGZt4ZhzIOUSBg3qcO+7tiSmJkV+EMcEo8jX0w/ZuH +T12IKcEKJK3sr7Ru+wEvpGlOlOBZXDgOM7MreNfoilIl09i52syp5ZD8MvBs80gG +Y4dZ8C7JpcZYndHZi42e/8EdbzVhbAY21JSzoA0YM3+n/VyyGCrgeU6baTBdjbwK +UqDHclW6Y+XeO1D3j9FiVDLfmXGPXl92iwb18yQDMQLR138U+tDJbHAcsO2Z+k2y +pj5HNwlRAoGBAPtI4+DRcyoDyxdFQEv051F6TvqarXjZz58cYuaFpqP/oJuZX469 +a9a29M6WiP4+pS3CI9l2LJv4xj5DrNA8pU5UsXQsXKaerMix2/hFeJGeozqbZmsv +G5cQ71WxG176KfZ04EIPun0aBRYWQ6sOhsyoO2usUin8LoQVva4dlIqvAoGBANwW +5W6ECRi8VplN3q4kdYWorcE6RqrRDnWUh900foEL4fG9d7vyHnCBKwP8Nu2Eqdv1 +hGfidvXvhjT0aoCf1AgMHmCqIlsMeCOhVSqpiwpQPN1eMM27ifUoKjdR0E+sg80/ +vdcK2wKScP3CJQvmE/SHXzg/t5GOFZDYiExXetwfAoGAbra3yFcgIZPYSGF3qb+2 +p1x3Lc02vzdgVd9A6AZc3IcFcWkLBC4LNGgZxmfm5fYd+uI9v1Nk5jeeyNIycvE1 +eCSyptfg3nys7iQHIgUh0S8PBgRwBKuVwWJxwNSulZMtJ+xo3lJlvTbYpNmcaOKW +m9dHjvI2pU76A7I8h1l7F/sCgYBsJUgJnRGHOQxoei4AbePdkHwIpaURzHYJarm0 +BVZf/MHCcnJCRP+WErJbW/R1k6mPbr3n+gywXkkY/jzTBTY/2gyXPSJykNb70wux +UewDXlf6Ao2CmjN45oqP8kCk1cVR9o9G+ouRYPnqhxqDFUQa9OXiEtUVzbZlHTEk +KhwxywKBgDKbKURM8kFJupnlJYro3KLTZg7GgFZCeY2+lK3ZbXPHViaISxuw5M5x +K9Lii0bAlgjYsLmtDbdKSPeZwDGVN9pv7k1B7zqvGwfx+fX/az8TxmUnY/BsLOPi +D0eo7ZsD7RG2a2BVng14LtiLtm+OHxBw0nqZ68FHhXhIM/KOze7v +-----END RSA PRIVATE KEY----- diff --git a/integration/test_hurl.py b/integration/test_hurl.py index 9439195ca..8044c5960 100755 --- a/integration/test_hurl.py +++ b/integration/test_hurl.py @@ -54,6 +54,12 @@ def test(hurl_file: str): else: curl_file = hurl_file.replace(".hurl", ".curl") + os_allow_failure_file = hurl_file.replace(".hurl", "." + get_os() + ".allowfailure") + if os.path.exists(os_allow_failure_file): + allow_failure_file = os_allow_failure_file + else: + allow_failure_file = hurl_file.replace(".hurl", ".allowfailure") + profile_file = hurl_file.replace(".hurl", ".profile") options = [] @@ -91,7 +97,11 @@ def test(hurl_file: str): stderr = decode_string(result.stderr).strip() if stderr != "": print(stderr) - sys.exit(1) + if os.path.exists(allow_failure_file): + print(">>> allow failure") + sys.exit(0) + else: + sys.exit(1) # stdout f = hurl_file.replace(".hurl", ".out") diff --git a/packages/hurl/tests/cert.pem b/packages/hurl/tests/cert.pem deleted file mode 100644 index 285813311..000000000 --- a/packages/hurl/tests/cert.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFJDCCAwwCCQCd0fJr/BSNeTANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJV -UzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDENMAsGA1UECgwE -SHVybDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMTAxOTE1MjI0MFoXDTIzMTAx -OTE1MjI0MFowVDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjERMA8GA1UE -BwwIUG9ydGxhbmQxDTALBgNVBAoMBEh1cmwxEjAQBgNVBAMMCWxvY2FsaG9zdDCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/1+4vGNvLtrEeYUP6BR1Oj -Y/2wiCWDWrbOQZor4meAaJpFRff3twUKqGPlavwCkteQ/XmrcMEMRatEzqA3Q0q4 -rXRE3V2dRcryCr4Qy0lypQHipRTCFlnRmyfnvgS/FWcTNyU2KW8k+vMQ5LPwIcie -axXEpVzI50eypmP47yIi8NrUhgUlG+TNUqvPJPnu+RRWQ4NR7bCC+CY/Qr8ftuK/ -F6zJeh16+KIZgHEgIa9h3KQkZZZxclBI9xyw7TjmnHOFVE0WKi+v1HOVeeZM1kPl -fggF6xnt6bWzO0u9zNKpT381hVd9hje/gUIOoiGkCgJJtDDb7O8ewVWPzQ7bN15K -BCCq/w9Lexey9tP5cXb8Y4aJUBJZAPg61rC/yQ/C5E2dgRPKu8RPByi4/NT2PE5S -jNz0Yk+5I+/s6Glw/iBOaxUPxw9bD2Lp3gEc8u+2gPF6JX2UpPxq5UgG/Uc6TQ5G -QsOHnge6pjud/qfRpH7O55zmkN/Xmra+mD11ikGWQ+GjIdcsVCA4nGgH+PJxraOF -5v0DTvL7aVAcMU/rSXWJ3T7xy+6wIOlKNODGvDg/Xvp73SrT2CjCS//5OBwkdJX4 -EGZDOVYX87j+I+QTwa7ckIZo5vqI/XbtfmdwUPoa8bb3G5T1EBtpm3tuW73TgUS/ -0ZGwYlhzyV6T4nbaxjwxAgMBAAEwDQYJKoZIhvcNAQELBQADggIBACi3NM5G274m -BkFBSh2NhKGq+mJk9OJIMCd4Wfc9kZXzo8Hbtx8SxsiW5fvLwCBxYDVJZrtfiG5P -E9mkldZeVdDyf5dNSwAeoBbkxLSjjmuuit9/xYkrWqe3d5FuvkZHy3PZMc05PONm -f5qkd6u/K31Xtg+9R0X11sonu8jIExJ1HTKyJc2QIU7+Ql1ruFQ5zGRbp8lj6O13 -ecYuL1kG7On5wjK8th/XI7W40Z6vImqsWrFXvp+iWf46/aL4igI3q3+2Lihe9/30 -4Y/41jm5vwMnS18IRG5q8GMnV284/AlIlYzcSPwMSSgqQ5wCbNy/3u+hgHSQKykh -m139bcVubpBJThpVrdSgXGyMiOZ7XaUa053+T80LvNu8ztuij4TCVeBViBRdyyT4 -FW3lPT53F0khKACxpyeZYCrIf9KphUfzKulwa6Eb9zRWFJ3PlCgiA4DKzTbjxW5N -mxkogznqaf3+Osk7X20oDbp3AK5kL328qbLJyxqvWhsendWMI4aICc7zgE8gUrTh -gP4SAv6iZ569DfmpN8BZ7S7vZpI7bog245JMZYu0Tm7BAplK90SmJzcfFmWK7D9H -zNPEp9hJi1r/gEux474ClWEBIS/kNout22cfrzzNgfArdHMb0qA0hA7JcofF4nO6 -ZFsWddV8b4a7jjfZ5ZkIDOwDfweoxi/E ------END CERTIFICATE----- diff --git a/packages/hurl/tests/libcurl.rs b/packages/hurl/tests/libcurl.rs index 67f6018c2..b635a3682 100644 --- a/packages/hurl/tests/libcurl.rs +++ b/packages/hurl/tests/libcurl.rs @@ -684,7 +684,7 @@ fn test_basic_authentication() { #[test] fn test_cacert() { let options = ClientOptions { - cacert_file: Some("tests/cert.pem".to_string()), + cacert_file: Some("tests/server_cert_selfsigned.pem".to_string()), ..Default::default() }; let mut client = Client::new(None); @@ -808,14 +808,16 @@ fn test_error_ssl() { // libcurl with openssl3 feature builded by vcpkg on x64-windows exists with 35 assert_eq!(code, 60); let descriptions = [ + // Windows 2000 github runner messages: "schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.".to_string(), // Windows 10 Enterprise 2009 10.0.19041.1806 "schannel: SEC_E_UNTRUSTED_ROOT (0x80090325)".to_string(), // Unix-like, before OpenSSL 3.0.0 - "SSL certificate problem: self signed certificate".to_string(), + "SSL certificate problem: self signed certificate in certificate chain".to_string(), // Unix-like, after OpenSSL 3.0.0 "SSL certificate problem: self-signed certificate".to_string(), + "SSL certificate problem: self signed certificate".to_string(), ]; assert!( descriptions.contains(&description), diff --git a/packages/hurl/tests/server_cert_selfsigned.pem b/packages/hurl/tests/server_cert_selfsigned.pem new file mode 100644 index 000000000..287601d08 --- /dev/null +++ b/packages/hurl/tests/server_cert_selfsigned.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIUHuixfxtk2Naz3ocBA9Kk9TNTWrAwDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By +aW5nZmllbGQxDDAKBgNVBAoMA0RpczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIz +MDExMDA4Mjk1MloXDTI1MTAzMDA4Mjk1MlowVjELMAkGA1UEBhMCVVMxDzANBgNV +BAgMBkRlbmlhbDEUMBIGA1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczES +MBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA2AkdTXgVgU6FuQjQjYYLJ4rVhhZHkC94+XwoDK25R07thCNjE0Fw8s8yRAz2 +AwcQH0GGHr5fJO+oqD3tVDJHhtzaKCUebAgwUnAFIiE67qpir/kEYh+H4XDhrNvi +8goc1Xb5gfgUcD056IMfUDuteAUcvps56zb3M47sW8/WPAoRJefxC77UtccgDrnI +IxT6hJSBv58zK21Ws50X8EVZXnlOxNGrSDZPNnv6+UadP8szrjbuYw7sdzImOjMB +XHF7+wd7t/2n0iop+nd0i4St2leONLHmTsNRI4PhWy+f5MLr7+uxZB8gBN/KbtE0 +Ahy2RVlLPDvcnhFkGVFgzJEvMQIDAQABo1MwUTAdBgNVHQ4EFgQUM24E9nTNu0Gr +9MMcwDDQT2staXAwHwYDVR0jBBgwFoAUM24E9nTNu0Gr9MMcwDDQT2staXAwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATncyirLM2hRDdogwlY1m +4cj5juYMZb3OoLW3PvMr3xHmD7x4mh1RtYEysw+ue5XNkmxR6lZOOEXfa5WKLtjY +o0SeXHNFryaOgsqzjUheieMJqYdpYGhdho9KqshZEACQeSEuzu9fH6lrzJei1nzB +rF6PfR7nvQBZCtNhuCP4Wbu/8cM9QScZAT/MiQ6p7uGx8j49/givi1rKtB0d4UW6 +iZFDoLuG4aAlWiqoZ+M1rv/1tXVqtZXwfxehkfDzOGoNcjhDpPIoEXK32VX6C7D0 +xeBlgImjzDTo/kOaDOMOTIYvrotu2q8HiRMrMGkFWirLjzRT+5X6GLI1kzsBp8pw +6Q== +-----END CERTIFICATE-----