diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
commit | 1221c736f9a90756d47ea6d28320b6b83602dd2a (patch) | |
tree | b453ba7b1393205258c9b098a773b4330984672f /debian/tests/ssl-passphrase | |
parent | Adding upstream version 2.4.38. (diff) | |
download | apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip |
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/tests/ssl-passphrase')
-rw-r--r-- | debian/tests/ssl-passphrase | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/debian/tests/ssl-passphrase b/debian/tests/ssl-passphrase new file mode 100644 index 0000000..a0a4fb6 --- /dev/null +++ b/debian/tests/ssl-passphrase @@ -0,0 +1,54 @@ +#!/bin/sh +set -ex + +# Check that the init script correctly prompts for the passphrase on startup, +# then starts and responds correctly to https queries. +# +# Author: Robie Basak <robie.basak@ubuntu.com> + +cd /etc/ssl/private +[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase +openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test +a2enmod ssl +a2ensite default-ssl + +# respond to systemd-ask-passphrase +password_responder() { + while [ ! -e /run/systemd/ask-password/sck.* ]; do sleep 1; done + echo "ssl-passphrase test password responder: found prompt, sending password" + echo test | /lib/systemd/systemd-reply-password 1 /run/systemd/ask-password/sck.* +} +password_responder & + +# run expect for running under sysvinit/upstart +expect <<EOT +spawn service apache2 restart +set timeout 600 +expect { + "assphrase:" {send "test\r"} + + # Failure cases + "failed" {exit 1} + eof {exit 0} +} + +# wait for eof and return exit code from spawned process back to the caller +expect eof +catch wait result +exit [lindex \$result 3] +EOT + +echo "Hello, world!" > /var/www/html/hello.txt + +# Use curl here. wget doesn't work on Debian, even with --no-check-certificate +# wget on Debian gives me: +# GnuTLS: A TLS warning alert has been received. +# Unable to establish SSL connection. +# Presumably this is due to the self-signed certificate, but I'm not sure how +# to skip the warning with wget. curl will do for now. +result=`curl -k https://localhost/hello.txt` + +if [ "$result" != "Hello, world!" ]; then + echo "Unexpected result from wget" >&2 + exit 1 +fi |