Reorg ssl tests certs

This commit is contained in:
fpinto 2024-10-03 15:25:25 +02:00
parent 3a0033cf51
commit edcb67734b
No known key found for this signature in database
GPG Key ID: F4F06B068FB00692
36 changed files with 49 additions and 49 deletions

View File

@ -19,17 +19,17 @@ if ($LASTEXITCODE) { Throw }
sleep 5 sleep 5
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8000) {write-host -foregroundcolor Green "server is up"} else {write-host -foregroundcolor Red "server is down" ; cat build\server.log ; exit 1} if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8000) {write-host -foregroundcolor Green "server is up"} else {write-host -foregroundcolor Red "server is down" ; cat build\server.log ; exit 1}
python tests_ssl/ssl_server.py 8001 tests_ssl/server/cert.selfsigned.pem false 2>&1 > build\server-ssl-selfsigned.log & python tests_ssl/ssl_server.py 8001 tests_ssl/certs/server/cert.selfsigned.pem false 2>&1 > build\server-ssl-selfsigned.log &
if ($LASTEXITCODE) { Throw } if ($LASTEXITCODE) { Throw }
sleep 5 sleep 5
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8001) {write-host -foregroundcolor Green "server-ssl-selfsigned up"} else {write-host -foregroundcolor Red "server-ssl-selfsigned is down" ; cat build\server-ssl-selfsigned.log ; exit 1} if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8001) {write-host -foregroundcolor Green "server-ssl-selfsigned up"} else {write-host -foregroundcolor Red "server-ssl-selfsigned is down" ; cat build\server-ssl-selfsigned.log ; exit 1}
python tests_ssl/ssl_server.py 8002 tests_ssl/server/cert.pem false 2>&1 > build\server-ssl-signedbyca.log & python tests_ssl/ssl_server.py 8002 tests_ssl/certs/server/cert.pem false 2>&1 > build\server-ssl-signedbyca.log &
if ($LASTEXITCODE) { Throw } if ($LASTEXITCODE) { Throw }
sleep 5 sleep 5
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8002) {write-host -foregroundcolor Green "server-ssl-signedbyca up"} else {write-host -foregroundcolor Red "server-ssl-signedbyca is down" ; cat build\server-ssl-signedbyca.log ; exit 1} if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8002) {write-host -foregroundcolor Green "server-ssl-signedbyca up"} else {write-host -foregroundcolor Red "server-ssl-signedbyca is down" ; cat build\server-ssl-signedbyca.log ; exit 1}
python tests_ssl/ssl_server.py 8003 tests_ssl/server/cert.pem true 2>&1 > build\server-ssl-client-authent.log & python tests_ssl/ssl_server.py 8003 tests_ssl/certs/server/cert.pem true 2>&1 > build\server-ssl-client-authent.log &
if ($LASTEXITCODE) { Throw } if ($LASTEXITCODE) { Throw }
sleep 5 sleep 5
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8003) {write-host -foregroundcolor Green "server-ssl-client-authent up"} else {write-host -foregroundcolor Red "server-ssl-client-authent is down" ; cat build\server-ssl-client-authent.log ; exit 1} if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8003) {write-host -foregroundcolor Green "server-ssl-client-authent up"} else {write-host -foregroundcolor Red "server-ssl-client-authent is down" ; cat build\server-ssl-client-authent.log ; exit 1}

View File

@ -78,15 +78,15 @@ python3 server.py > build/server.log 2>&1 &
check_listen_port "server.py" 8000 || cat_and_exit_err build/server.log check_listen_port "server.py" 8000 || cat_and_exit_err build/server.log
echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Self-signed certificate)" echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Self-signed certificate)"
python3 tests_ssl/ssl_server.py 8001 tests_ssl/server/cert.selfsigned.pem false > build/server-ssl-selfsigned.log 2>&1 & python3 tests_ssl/ssl_server.py 8001 tests_ssl/certs/server/cert.selfsigned.pem false > build/server-ssl-selfsigned.log 2>&1 &
check_listen_port "tests_ssl/ssl_server.py" 8001 || cat_and_exit_err build/server-ssl-selfsigned.log check_listen_port "tests_ssl/ssl_server.py" 8001 || cat_and_exit_err build/server-ssl-selfsigned.log
echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Signed by CA)" echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Signed by CA)"
python3 tests_ssl/ssl_server.py 8002 tests_ssl/server/cert.pem false > build/server-ssl-signedbyca.log 2>&1 & python3 tests_ssl/ssl_server.py 8002 tests_ssl/certs/server/cert.pem false > build/server-ssl-signedbyca.log 2>&1 &
check_listen_port "tests_ssl/ssl_server.py" 8002 || cat_and_exit_err build/server-ssl-signedbyca.log check_listen_port "tests_ssl/ssl_server.py" 8002 || cat_and_exit_err build/server-ssl-signedbyca.log
echo -e "\n------------------ Starting ssl/ssl_server.py (Self-signed certificate + Client certificate authentication)" echo -e "\n------------------ Starting ssl/ssl_server.py (Self-signed certificate + Client certificate authentication)"
python3 tests_ssl/ssl_server.py 8003 tests_ssl/server/cert.selfsigned.pem true > build/server-ssl-client-authent.log 2>&1 & python3 tests_ssl/ssl_server.py 8003 tests_ssl/certs/server/cert.selfsigned.pem true > build/server-ssl-client-authent.log 2>&1 &
check_listen_port "tests_ssl/ssl_server.py" 8003 || cat_and_exit_err build/server-ssl-client-authent.log check_listen_port "tests_ssl/ssl_server.py" 8003 || cat_and_exit_err build/server-ssl-client-authent.log
echo -e "\n------------------ Starting tests_unix_socket/unix_socket_server.py" echo -e "\n------------------ Starting tests_unix_socket/unix_socket_server.py"

View File

@ -1 +1 @@
curl --cacert tests_ssl/ca/cert.pem 'https://localhost:8002/hello' curl --cacert tests_ssl/certs/ca/cert.pem 'https://localhost:8002/hello'

View File

@ -1,5 +1,5 @@
Set-StrictMode -Version latest Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
# Does not work without --ssl-no-revoke # Does not work without --ssl-no-revoke
#hurl --cacert tests_ssl/ca/cert.pem tests_ssl/cacert.hurl #hurl --cacert tests_ssl/certs/ca/cert.pem tests_ssl/cacert.hurl
exit 255 exit 255

View File

@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
hurl --cacert tests_ssl/ca/cert.pem tests_ssl/cacert.hurl hurl --cacert tests_ssl/certs/ca/cert.pem tests_ssl/cacert.hurl

View File

@ -1 +1 @@
curl --cacert tests_ssl/ca/cert.pem 'https://localhost:8002/hello' curl --cacert tests_ssl/certs/ca/cert.pem 'https://localhost:8002/hello'

View File

@ -1,3 +1,3 @@
Set-StrictMode -Version latest Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl

View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
# --ssl-no-revoke is only available in windows # --ssl-no-revoke is only available in windows
#hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl #hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl
exit 255 exit 255

View File

@ -1,3 +1,3 @@
Set-StrictMode -Version latest Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl

View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
# --ssl-no-revoke is only available in windows # --ssl-no-revoke is only available in windows
#hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl #hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl
exit 255 exit 255

View File

@ -1 +1 @@
curl --cacert tests_ssl/server/cert.selfsigned.pem 'https://localhost:8001/hello' curl --cacert tests_ssl/certs/server/cert.selfsigned.pem 'https://localhost:8001/hello'

View File

@ -1,3 +1,3 @@
Set-StrictMode -Version latest Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/server/cert.selfsigned.pem --verbose hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --verbose

View File

@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/server/cert.selfsigned.pem --verbose hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --verbose

View File

@ -1,5 +1,5 @@
Set-StrictMode -Version latest Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
# Does not work without --ssl-no-revoke # Does not work without --ssl-no-revoke
#hurl --cacert tests_ssl/ca/cert.pem --json tests_ssl/cacert.hurl #hurl --cacert tests_ssl/certs/ca/cert.pem --json tests_ssl/cacert.hurl
exit 255 exit 255

View File

@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
hurl --cacert tests_ssl/ca/cert.pem --json tests_ssl/cacert.hurl hurl --cacert tests_ssl/certs/ca/cert.pem --json tests_ssl/cacert.hurl

View File

@ -1,2 +1,2 @@
curl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem --key tests_ssl/client/key.pem 'https://localhost:8003/hello' curl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem --key tests_ssl/certs/client/key.pem 'https://localhost:8003/hello'

View File

@ -1,7 +1,7 @@
Set-StrictMode -Version latest Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
try { try {
hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem --key tests_ssl/client/key.pem --verbose hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem --key tests_ssl/certs/client/key.pem --verbose
} finally { } finally {
$global:LASTEXITCODE = 0 $global:LASTEXITCODE = 0
$ErrorActionPreference = 'Continue' $ErrorActionPreference = 'Continue'

View File

@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem --key tests_ssl/client/key.pem --verbose hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem --key tests_ssl/certs/client/key.pem --verbose

View File

@ -1 +1 @@
curl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem:foobar --key tests_ssl/client/encrypted.key.pem 'https://localhost:8003/hello' curl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem:foobar --key tests_ssl/certs/client/encrypted.key.pem 'https://localhost:8003/hello'

View File

@ -1,27 +1,27 @@
GET https://localhost:8003/hello GET https://localhost:8003/hello
[Options] [Options]
cacert: tests_ssl/server/cert.selfsigned.pem cacert: tests_ssl/certs/server/cert.selfsigned.pem
cert: tests_ssl/client/cert.pem:foobar cert: tests_ssl/certs/client/cert.pem:foobar
key: tests_ssl/client/encrypted.key.pem key: tests_ssl/certs/client/encrypted.key.pem
HTTP 200 HTTP 200
# Using variables in filename and password # Using variables in filename and password
GET https://localhost:8003/hello GET https://localhost:8003/hello
[Options] [Options]
variable: filename=tests_ssl/client/cert.pem variable: filename=tests_ssl/certs/client/cert.pem
variable: password=foobar variable: password=foobar
cacert: tests_ssl/server/cert.selfsigned.pem cacert: tests_ssl/certs/server/cert.selfsigned.pem
cert: {{filename}}:{{password}} cert: {{filename}}:{{password}}
key: tests_ssl/client/encrypted.key.pem key: tests_ssl/certs/client/encrypted.key.pem
HTTP 200 HTTP 200
# Using variable for combined filename and password # Using variable for combined filename and password
GET https://localhost:8003/hello GET https://localhost:8003/hello
[Options] [Options]
variable: filename_with_password=tests_ssl/client/cert.pem:foobar variable: filename_with_password=tests_ssl/certs/client/cert.pem:foobar
cacert: tests_ssl/server/cert.selfsigned.pem cacert: tests_ssl/certs/server/cert.selfsigned.pem
cert: {{filename_with_password}} cert: {{filename_with_password}}
key: tests_ssl/client/encrypted.key.pem key: tests_ssl/certs/client/encrypted.key.pem
HTTP 200 HTTP 200

View File

@ -1,7 +1,7 @@
GET https://localhost:8003/hello GET https://localhost:8003/hello
[Options] [Options]
cacert: tests_ssl/server/cert.selfsigned.pem cacert: tests_ssl/certs/server/cert.selfsigned.pem
cert: tests_ssl/client/cert.pem:toto1234 cert: tests_ssl/certs/client/cert.pem:toto1234
key: tests_ssl/client/encrypted.key.pem key: tests_ssl/certs/client/encrypted.key.pem
HTTP 200 HTTP 200

View File

@ -1,4 +1,4 @@
curl --insecure 'https://localhost:8001/hello' curl --insecure 'https://localhost:8001/hello'
curl --insecure 'https://localhost:8001/hello' curl --insecure 'https://localhost:8001/hello'
curl --cacert tests_ssl/server/cert.selfsigned.pem 'https://localhost:8001/hello' curl --cacert tests_ssl/certs/server/cert.selfsigned.pem 'https://localhost:8001/hello'

View File

@ -16,6 +16,6 @@ HTTP 200
GET https://localhost:8001/hello GET https://localhost:8001/hello
[Options] [Options]
cacert: tests_ssl/server/cert.selfsigned.pem # with a custom certificate cacert: tests_ssl/certs/server/cert.selfsigned.pem # with a custom certificate
HTTP 200 HTTP 200
`Hello World!` `Hello World!`

View File

@ -22,8 +22,8 @@ def get_ssl_context(cert_file, use_client_certificate_authentication):
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
if use_client_certificate_authentication: if use_client_certificate_authentication:
ssl_context.verify_mode = ssl.CERT_REQUIRED ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.load_verify_locations("tests_ssl/ca/cert.pem") ssl_context.load_verify_locations("tests_ssl/certs/ca/cert.pem")
ssl_context.load_cert_chain(cert_file, "tests_ssl/server/key.pem") ssl_context.load_cert_chain(cert_file, "tests_ssl/certs/server/key.pem")
return ssl_context return ssl_context

View File

@ -6,18 +6,18 @@ rm -rf ca client server
mkdir ca client server mkdir ca client server
# CA # CA
openssl genrsa -out ca/key.pem 2048 openssl genrsa -out certs/ca/key.pem 2048
openssl req -x509 -new -nodes -key ca/key.pem -sha256 -days 1024 -out ca/cert.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=myCA" openssl req -x509 -new -nodes -key certs/ca/key.pem -sha256 -days 1024 -out certs/ca/cert.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=myCA"
# Client # Client
openssl genrsa -out client/key.pem 2048 openssl genrsa -out certs/client/key.pem 2048
openssl req -new -key client/key.pem -sha256 -out client/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=client" openssl req -new -key certs/client/key.pem -sha256 -out certs/client/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=client"
openssl x509 -req -in client/csr.pem -CA ca/cert.pem -CAkey ca/key.pem -CAcreateserial -out client/cert.pem -days 825 -sha256 openssl x509 -req -in certs/client/csr.pem -CA certs/ca/cert.pem -CAkey certs/ca/key.pem -CAcreateserial -out certs/client/cert.pem -days 825 -sha256
openssl rsa -aes256 -in tests_ssl/client/key.pem -passout pass:foobar -out tests_ssl/client/encrypted.key.pem openssl rsa -aes256 -in tests_ssl/certs/client/key.pem -passout pass:foobar -out tests_ssl/certs/client/encrypted.key.pem
# Server # Server
openssl genrsa -out server/key.pem 2048 openssl genrsa -out certs/server/key.pem 2048
openssl req -x509 -new -nodes -key server/key.pem -sha256 -days 1024 -out server/cert.selfsigned.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" openssl req -x509 -new -nodes -key certs/server/key.pem -sha256 -days 1024 -out certs/server/cert.selfsigned.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
openssl req -new -key server/key.pem -sha256 -out server/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" openssl req -new -key certs/server/key.pem -sha256 -out certs/server/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
openssl x509 -req -in server/csr.pem -CA ca/cert.pem -CAkey ca/key.pem -CAcreateserial -out server/cert.pem -days 825 -sha256 openssl x509 -req -in certs/server/csr.pem -CA certs/ca/cert.pem -CAkey certs/ca/key.pem -CAcreateserial -out certs/server/cert.pem -days 825 -sha256