summaryrefslogtreecommitdiffstats
path: root/test/modules/md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 10:00:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 10:00:10 +0000
commit3204e211a1e248154ff95b90b6a7e29cfa92069c (patch)
tree79f901498145b63bf34e9981a013f3d9b52eafc2 /test/modules/md
parentAdding upstream version 2.4.61. (diff)
downloadapache2-3204e211a1e248154ff95b90b6a7e29cfa92069c.tar.xz
apache2-3204e211a1e248154ff95b90b6a7e29cfa92069c.zip
Adding upstream version 2.4.62.upstream/2.4.62upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/modules/md')
-rwxr-xr-xtest/modules/md/conftest.py45
-rw-r--r--test/modules/md/test_300_conf_validate.py165
-rw-r--r--test/modules/md/test_702_auto.py54
-rw-r--r--test/modules/md/test_720_wildcard.py28
-rw-r--r--test/modules/md/test_730_static.py7
-rw-r--r--test/modules/md/test_740_acme_errors.py18
-rw-r--r--test/modules/md/test_741_setup_errors.py10
-rw-r--r--test/modules/md/test_750_eab.py105
-rw-r--r--test/modules/md/test_780_tailscale.py12
-rw-r--r--test/modules/md/test_790_failover.py18
-rw-r--r--test/modules/md/test_900_notify.py14
-rw-r--r--test/modules/md/test_901_message.py32
-rw-r--r--test/modules/md/test_920_status.py6
13 files changed, 467 insertions, 47 deletions
diff --git a/test/modules/md/conftest.py b/test/modules/md/conftest.py
index 04165a2..0f9e4a9 100755
--- a/test/modules/md/conftest.py
+++ b/test/modules/md/conftest.py
@@ -1,6 +1,5 @@
import logging
import os
-import re
import sys
import pytest
@@ -33,48 +32,18 @@ def env(pytestconfig) -> MDTestEnv:
env.setup_httpd()
env.apache_access_log_clear()
env.httpd_error_log.clear_log()
- return env
+ yield env
+ env.apache_stop()
@pytest.fixture(autouse=True, scope="package")
-def _session_scope(env):
- # we'd like to check the httpd error logs after the test suite has
- # run to catch anything unusual. For this, we setup the ignore list
- # of errors and warnings that we do expect.
- env.httpd_error_log.set_ignored_lognos([
- 'AH10040', # mod_md, setup complain
- 'AH10045', # mod_md complains that there is no vhost for an MDomain
- 'AH10056', # mod_md, invalid params
- 'AH10105', # mod_md does not find a vhost with SSL enabled for an MDomain
- 'AH10085', # mod_ssl complains about fallback certificates
- 'AH01909', # mod_ssl, cert alt name complains
- 'AH10170', # mod_md, wrong config, tested
- 'AH10171', # mod_md, wrong config, tested
- 'AH10373', # SSL errors on uncompleted handshakes
- 'AH10398', # test on global store lock
+def _md_package_scope(env):
+ env.httpd_error_log.add_ignored_lognos([
+ "AH10085", # There are no SSL certificates configured and no other module contributed any
+ "AH10045", # No VirtualHost matches Managed Domain
+ "AH10105", # MDomain does not match any VirtualHost with 'SSLEngine on'
])
- env.httpd_error_log.add_ignored_patterns([
- re.compile(r'.*urn:ietf:params:acme:error:.*'),
- re.compile(r'.*None of the ACME challenge methods configured for this domain are suitable.*'),
- re.compile(r'.*problem\[(challenge-mismatch|challenge-setup-failure|apache:eab-hmac-invalid)].*'),
- re.compile(r'.*CA considers answer to challenge invalid.].*'),
- re.compile(r'.*problem\[urn:org:apache:httpd:log:AH\d+:].*'),
- re.compile(r'.*Unsuccessful in contacting ACME server at :*'),
- re.compile(r'.*test-md-720-002-\S+.org: dns-01 setup command failed .*'),
- re.compile(r'.*AH\d*: unable to obtain global registry lock, .*'),
- ])
- if env.lacks_ocsp():
- env.httpd_error_log.add_ignored_patterns([
- re.compile(r'.*certificate with serial \S+ has no OCSP responder URL.*'),
- ])
- yield
- assert env.apache_stop() == 0
- errors, warnings = env.httpd_error_log.get_missed()
- assert (len(errors), len(warnings)) == (0, 0),\
- f"apache logged {len(errors)} errors and {len(warnings)} warnings: \n"\
- "{0}\n{1}\n".format("\n".join(errors), "\n".join(warnings))
-
@pytest.fixture(scope="package")
def acme(env):
diff --git a/test/modules/md/test_300_conf_validate.py b/test/modules/md/test_300_conf_validate.py
index 85371ba..88df168 100644
--- a/test/modules/md/test_300_conf_validate.py
+++ b/test/modules/md/test_300_conf_validate.py
@@ -15,7 +15,8 @@ from .md_env import MDTestEnv
class TestConf:
@pytest.fixture(autouse=True, scope='class')
- def _class_scope(self, env):
+ def _class_scope(self, env, acme):
+ acme.start(config='default')
env.clear_store()
# test case: just one MDomain definition
@@ -24,6 +25,12 @@ class TestConf:
MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: two MDomain definitions, non-overlapping
def test_md_300_002(self, env):
@@ -32,6 +39,12 @@ class TestConf:
MDomain example2.org www.example2.org mail.example2.org
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: two MDomain definitions, exactly the same
def test_md_300_003(self, env):
@@ -41,6 +54,12 @@ class TestConf:
MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
""").install()
assert env.apache_fail() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10038" # two Managed Domains have an overlap in domain
+ ]
+ )
# test case: two MDomain definitions, overlapping
def test_md_300_004(self, env):
@@ -50,6 +69,12 @@ class TestConf:
MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
""").install()
assert env.apache_fail() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10038" # two Managed Domains have an overlap in domain
+ ]
+ )
# test case: two MDomains, one inside a virtual host
def test_md_300_005(self, env):
@@ -60,6 +85,12 @@ class TestConf:
</VirtualHost>
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: two MDomains, one correct vhost name
def test_md_300_006(self, env):
@@ -71,6 +102,12 @@ class TestConf:
</VirtualHost>
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: two MDomains, two correct vhost names
def test_md_300_007(self, env):
@@ -85,6 +122,12 @@ class TestConf:
</VirtualHost>
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: two MDomains, overlapping vhosts
def test_md_300_008(self, env):
@@ -102,6 +145,12 @@ class TestConf:
</VirtualHost>
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: vhosts with overlapping MDs
def test_md_300_009(self, env):
@@ -118,7 +167,12 @@ class TestConf:
conf.install()
assert env.apache_fail() == 0
env.apache_stop()
- env.httpd_error_log.ignore_recent()
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10238" # 2 MDs match Virtualhost
+ ]
+ )
# test case: MDomain, vhost with matching ServerAlias
def test_md_300_010(self, env):
@@ -146,6 +200,9 @@ class TestConf:
conf.install()
assert env.apache_fail() == 0
env.apache_stop()
+ env.httpd_error_log.ignore_recent([
+ "AH10040" # A requested MD certificate will not match ServerName
+ ])
# test case: MDomain, misses one ServerAlias, but auto add enabled
def test_md_300_011b(self, env):
@@ -171,6 +228,12 @@ class TestConf:
</VirtualHost>
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain
+ ]
+ )
# test case: one md covers two vhosts
def test_md_300_013(self, env):
@@ -261,7 +324,6 @@ class TestConf:
MDConf(env, text=line).install()
assert env.apache_fail() == 0, "Server accepted test config {}".format(line)
assert exp_err_msg in env.apachectl_stderr
- env.httpd_error_log.ignore_recent()
# test case: alt-names incomplete detection, github isse #68
def test_md_300_021(self, env):
@@ -294,6 +356,12 @@ class TestConf:
</VirtualHost>
""").install()
assert env.apache_restart() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10105" # MD secret.com does not match any VirtualHost with 'SSLEngine on'
+ ]
+ )
# test case: use MDRequireHttps not in <Directory
def test_md_300_023(self, env):
@@ -346,7 +414,7 @@ class TestConf:
def test_md_300_026(self, env):
assert env.apache_stop() == 0
conf = MDConf(env)
- domain = f"t300_026.{env.http_tld}"
+ domain = f"t300-026.{env.http_tld}"
conf.add(f"""
MDomain {domain}
""")
@@ -388,3 +456,92 @@ class TestConf:
assert len(md['ca']['urls']) == len(cas)
else:
assert rv != 0, "Server should not have accepted CAs '{}'".format(cas)
+
+ # messy ServerAliases, see #301
+ def test_md_300_028(self, env):
+ assert env.apache_stop() == 0
+ conf = MDConf(env)
+ domaina = f"t300-028a.{env.http_tld}"
+ domainb = f"t300-028b.{env.http_tld}"
+ dalias = f"t300-028alias.{env.http_tld}"
+ conf.add_vhost(port=env.http_port, domains=[domaina, domainb, dalias], with_ssl=False)
+ conf.add(f"""
+ MDMembers manual
+ MDomain {domaina}
+ MDomain {domainb} {dalias}
+ """)
+ conf.add(f"""
+ <VirtualHost 10.0.0.1:{env.https_port}>
+ ServerName {domaina}
+ ServerAlias {dalias}
+ SSLEngine on
+ </VirtualHost>
+ <VirtualHost 10.0.0.1:{env.https_port}>
+ ServerName {domainb}
+ ServerAlias {dalias}
+ SSLEngine on
+ </VirtualHost>
+ """)
+ conf.install()
+ # This does not work as we have both MDs match domain's vhost
+ assert env.apache_fail() == 0
+ env.httpd_error_log.ignore_recent(
+ lognos=[
+ "AH10238", # 2 MDs match the same vhost
+ ]
+ )
+ # It works, if we only match on ServerNames
+ conf.add("MDMatchNames servernames")
+ conf.install()
+ assert env.apache_restart() == 0
+ env.httpd_error_log.ignore_recent(
+ lognos=[
+ "AH10040", # ServerAlias not covered
+ ]
+ )
+
+ # wildcard and specfic MD overlaps
+ def test_md_300_029(self, env):
+ assert env.apache_stop() == 0
+ conf = MDConf(env)
+ domain = f"t300-029.{env.http_tld}"
+ subdomain = f"sub.{domain}"
+ conf.add_vhost(port=env.http_port, domains=[domain, subdomain], with_ssl=False)
+ conf.add(f"""
+ MDMembers manual
+ MDomain {domain} *.{domain}
+ MDomain {subdomain}
+ """)
+ conf.add(f"""
+ <VirtualHost 10.0.0.1:{env.https_port}>
+ ServerName {domain}
+ SSLEngine on
+ </VirtualHost>
+ <VirtualHost 10.0.0.1:{env.https_port}>
+ ServerName another.{domain}
+ SSLEngine on
+ </VirtualHost>
+ <VirtualHost 10.0.0.1:{env.https_port}>
+ ServerName {subdomain}
+ SSLEngine on
+ </VirtualHost>
+ """)
+ conf.install()
+ # This does not work as we have overlapping names in MDs
+ assert env.apache_fail() == 0
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10038" # 2 MDs overlap
+ ]
+ )
+ # It works, if we only match on ServerNames
+ conf.add("MDMatchNames servernames")
+ conf.install()
+ assert env.apache_restart() == 0
+ time.sleep(2)
+ assert env.apache_stop() == 0
+ # we need dns-01 challenge for the wildcard, which is not configured
+ env.httpd_error_log.ignore_recent(matches=[
+ r'.*None of offered challenge types.*are supported.*'
+ ])
+
diff --git a/test/modules/md/test_702_auto.py b/test/modules/md/test_702_auto.py
index 8e8f5f1..04a9c75 100644
--- a/test/modules/md/test_702_auto.py
+++ b/test/modules/md/test_702_auto.py
@@ -64,6 +64,12 @@ class TestAutov2:
# file system needs to have correct permissions
env.check_dir_empty(env.store_challenges())
env.check_file_permissions(domain)
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10045" # No VirtualHost matches Managed Domain test-md-702-001-1688648129.org
+ ]
+ )
# test case: same as test_702_001, but with two parallel managed domains
def test_md_702_002(self, env):
@@ -234,6 +240,15 @@ class TestAutov2:
cert = env.get_cert(name_a)
assert name_a in cert.get_san_list()
assert env.get_http_status(name_a, "/name.txt") == 503
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of offered challenge types
+ ],
+ matches = [
+ r'.*problem\[challenge-mismatch\].*'
+ ]
+ )
# Specify a non-working http proxy
def test_md_702_008(self, env):
@@ -254,6 +269,15 @@ class TestAutov2:
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['status-description'] == 'Connection refused'
assert 'account' not in md['ca']
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # Unsuccessful in contacting ACME server
+ ],
+ matches = [
+ r'.*Unsuccessful in contacting ACME server at .*'
+ ]
+ )
# Specify a valid http proxy
def test_md_702_008a(self, env):
@@ -335,6 +359,16 @@ class TestAutov2:
assert env.apache_restart() == 0
env.check_md(domains)
assert env.await_completion([domain])
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10173", # None of the ACME challenge methods configured for this domain are suitable
+ "AH10056" # None of the ACME challenge methods configured for this domain are suitable
+ ],
+ matches = [
+ r'.*None of the ACME challenge methods configured for this domain are suitable.*'
+ ]
+ )
def test_md_702_011(self, env):
domain = self.test_domain
@@ -364,6 +398,16 @@ class TestAutov2:
assert env.apache_restart() == 0
env.check_md(domains)
assert env.await_completion([domain])
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10173", # None of the ACME challenge methods configured for this domain are suitable
+ "AH10056" # None of the ACME challenge methods configured for this domain are suitable
+ ],
+ matches = [
+ r'.*None of the ACME challenge methods configured for this domain are suitable.*'
+ ]
+ )
# test case: one MD with several dns names. sign up. remove the *first* name
# in the MD. restart. should find and keep the existing MD.
@@ -648,6 +692,16 @@ class TestAutov2:
conf.install()
assert env.apache_restart() == 0
assert env.await_error(domain)
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10173", # None of the ACME challenge methods configured for this domain are suitable
+ "AH10056" # None of the ACME challenge methods configured for this domain are suitable
+ ],
+ matches = [
+ r'.*None of the ACME challenge methods configured for this domain are suitable.*'
+ ]
+ )
# Make a setup using the base server without http:, but with acme-tls/1, should work.
def test_md_702_052(self, env):
diff --git a/test/modules/md/test_720_wildcard.py b/test/modules/md/test_720_wildcard.py
index 23b311c..916c47a 100644
--- a/test/modules/md/test_720_wildcard.py
+++ b/test/modules/md/test_720_wildcard.py
@@ -44,6 +44,15 @@ class TestWildcard:
assert md
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'challenge-mismatch'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of offered challenge types
+ ],
+ matches = [
+ r'.*problem\[challenge-mismatch\].*'
+ ]
+ )
# test case: a wildcard certificate with ACMEv2, only dns-01 configured, invalid command path
def test_md_720_002(self, env):
@@ -67,6 +76,16 @@ class TestWildcard:
assert md
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'challenge-setup-failure'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of offered challenge types
+ ],
+ matches = [
+ r'.*problem\[challenge-setup-failure\].*',
+ r'.*setup command failed to execute.*'
+ ]
+ )
# variation, invalid cmd path, other challenges still get certificate for non-wildcard
def test_md_720_002b(self, env):
@@ -113,6 +132,15 @@ class TestWildcard:
assert md
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'challenge-setup-failure'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of offered challenge types
+ ],
+ matches = [
+ r'.*problem\[challenge-setup-failure\].*'
+ ]
+ )
# test case: a wildcard name certificate with ACMEv2, only dns-01 configured
def test_md_720_004(self, env):
diff --git a/test/modules/md/test_730_static.py b/test/modules/md/test_730_static.py
index f7f7b4b..891ae62 100644
--- a/test/modules/md/test_730_static.py
+++ b/test/modules/md/test_730_static.py
@@ -115,3 +115,10 @@ class TestStatic:
conf.add_vhost(domain)
conf.install()
assert env.apache_fail() == 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10170", # Managed Domain needs one MDCertificateKeyFile for each MDCertificateFile
+ "AH10171" # Managed Domain has MDCertificateKeyFile(s) but no MDCertificateFile
+ ]
+ )
diff --git a/test/modules/md/test_740_acme_errors.py b/test/modules/md/test_740_acme_errors.py
index 670c9ab..364aaca 100644
--- a/test/modules/md/test_740_acme_errors.py
+++ b/test/modules/md/test_740_acme_errors.py
@@ -46,6 +46,15 @@ class TestAcmeErrors:
assert md['renewal']['last']['detail'] == (
"Error creating new order :: Cannot issue for "
"\"%s\": Domain name contains an invalid character" % domains[1])
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # Order included DNS identifier with a value containing an illegal character
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:malformed.*'
+ ]
+ )
# test case: MD with 3 names, 2 invalid
#
@@ -70,3 +79,12 @@ class TestAcmeErrors:
"Error creating new order :: Cannot issue for")
assert md['renewal']['last']['subproblems']
assert len(md['renewal']['last']['subproblems']) == 2
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # Order included DNS identifier with a value containing an illegal character
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:malformed.*'
+ ]
+ )
diff --git a/test/modules/md/test_741_setup_errors.py b/test/modules/md/test_741_setup_errors.py
index 49b4e78..9ad79f0 100644
--- a/test/modules/md/test_741_setup_errors.py
+++ b/test/modules/md/test_741_setup_errors.py
@@ -46,3 +46,13 @@ class TestSetupErrors:
md = env.await_error(domain, errors=2, timeout=10)
assert md
assert md['renewal']['errors'] > 0
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # CA considers answer to challenge invalid
+ ],
+ matches = [
+ r'.*The key authorization file from the server did not match this challenge.*',
+ r'.*CA considers answer to challenge invalid.*'
+ ]
+ )
diff --git a/test/modules/md/test_750_eab.py b/test/modules/md/test_750_eab.py
index af1be95..aec7e89 100644
--- a/test/modules/md/test_750_eab.py
+++ b/test/modules/md/test_750_eab.py
@@ -37,6 +37,15 @@ class TestEab:
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:externalAccountRequired'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # ACME server policy requires newAccount requests must include a value for the 'externalAccountBinding' field
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:externalAccountRequired.*'
+ ]
+ )
def test_md_750_002(self, env):
# md with known EAB KID and non base64 hmac key configured
@@ -51,6 +60,15 @@ class TestEab:
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'apache:eab-hmac-invalid'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # external account binding HMAC value is not valid base64
+ ],
+ matches = [
+ r'.*problem\[apache:eab-hmac-invalid\].*'
+ ]
+ )
def test_md_750_003(self, env):
# md with empty EAB KID configured
@@ -64,7 +82,19 @@ class TestEab:
assert env.apache_restart() == 0
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
- assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized'
+ assert md['renewal']['last']['problem'] in [
+ 'urn:ietf:params:acme:error:unauthorized',
+ 'urn:ietf:params:acme:error:malformed',
+ ]
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # the field 'kid' references a key that is not known to the ACME server
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:(unauthorized|malformed).*'
+ ]
+ )
def test_md_750_004(self, env):
# md with unknown EAB KID configured
@@ -78,7 +108,19 @@ class TestEab:
assert env.apache_restart() == 0
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
- assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized'
+ assert md['renewal']['last']['problem'] in [
+ 'urn:ietf:params:acme:error:unauthorized',
+ 'urn:ietf:params:acme:error:malformed',
+ ]
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # the field 'kid' references a key that is not known to the ACME server
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:(unauthorized|malformed).*'
+ ]
+ )
def test_md_750_005(self, env):
# md with known EAB KID but wrong HMAC configured
@@ -92,7 +134,19 @@ class TestEab:
assert env.apache_restart() == 0
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
- assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized'
+ assert md['renewal']['last']['problem'] in [
+ 'urn:ietf:params:acme:error:unauthorized',
+ 'urn:ietf:params:acme:error:malformed',
+ ]
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # external account binding JWS verification error: square/go-jose: error in cryptographic primitive
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:(unauthorized|malformed).*'
+ ]
+ )
def test_md_750_010(self, env):
# md with correct EAB configured
@@ -125,6 +179,15 @@ class TestEab:
md = env.await_error(domain_b)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:externalAccountRequired'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # ACME server policy requires newAccount requests must include a value for the 'externalAccountBinding' field
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:externalAccountRequired.*'
+ ]
+ )
def test_md_750_012(self, env):
# first one md without EAB, then one with
@@ -144,6 +207,15 @@ class TestEab:
md = env.await_error(domain_a)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:externalAccountRequired'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # ACME server policy requires newAccount requests must include a value for the 'externalAccountBinding' field
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:externalAccountRequired.*'
+ ]
+ )
def test_md_750_013(self, env):
# 2 mds with the same EAB, should one create a single account
@@ -215,6 +287,15 @@ class TestEab:
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:externalAccountRequired'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # ACME server policy requires newAccount requests must include a value for the 'externalAccountBinding' field
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:externalAccountRequired.*'
+ ]
+ )
def test_md_750_016(self, env):
# md with correct EAB, get cert, change to invalid EAB
@@ -241,6 +322,15 @@ class TestEab:
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # the field 'kid' references a key that is not known to the ACME server
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:unauthorized.*'
+ ]
+ )
def test_md_750_017(self, env):
# md without EAB explicitly set to none
@@ -257,6 +347,15 @@ class TestEab:
md = env.await_error(domain)
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:externalAccountRequired'
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # ACME server policy requires newAccount requests must include a value for the 'externalAccountBinding' field
+ ],
+ matches = [
+ r'.*urn:ietf:params:acme:error:externalAccountRequired.*'
+ ]
+ )
def test_md_750_018(self, env):
# md with EAB file that does not exist
diff --git a/test/modules/md/test_780_tailscale.py b/test/modules/md/test_780_tailscale.py
index 84a266b..27a2df4 100644
--- a/test/modules/md/test_780_tailscale.py
+++ b/test/modules/md/test_780_tailscale.py
@@ -140,6 +140,12 @@ class TestTailscale:
assert md['renewal']['last']['status-description'] == 'No such file or directory'
assert md['renewal']['last']['detail'] == \
f"tailscale socket not available, may not be up: {socket_path}"
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # retrieving certificate from tailscale
+ ]
+ )
# create a MD using `tailscale` as protocol, path to faker, should succeed
def test_md_780_002(self, env):
@@ -184,3 +190,9 @@ class TestTailscale:
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['status-description'] == 'No such file or directory'
assert md['renewal']['last']['detail'] == "retrieving certificate from tailscale"
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # retrieving certificate from tailscale
+ ]
+ )
diff --git a/test/modules/md/test_790_failover.py b/test/modules/md/test_790_failover.py
index a939912..696161f 100644
--- a/test/modules/md/test_790_failover.py
+++ b/test/modules/md/test_790_failover.py
@@ -63,6 +63,15 @@ class TestFailover:
assert env.apache_restart() == 0
assert env.await_completion([domain])
env.check_md_complete(domain)
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # Unsuccessful in contacting ACME server
+ ],
+ matches = [
+ r'.*Unsuccessful in contacting ACME server at .*'
+ ]
+ )
# set 3 ACME certificata authority, invalid + invalid + valid
def test_md_790_003(self, env):
@@ -85,3 +94,12 @@ class TestFailover:
assert env.apache_restart() == 0
assert env.await_completion([domain])
env.check_md_complete(domain)
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # Unsuccessful in contacting ACME server
+ ],
+ matches = [
+ r'.*Unsuccessful in contacting ACME server at .*'
+ ]
+ )
diff --git a/test/modules/md/test_900_notify.py b/test/modules/md/test_900_notify.py
index 30e0742..9d18da5 100644
--- a/test/modules/md/test_900_notify.py
+++ b/test/modules/md/test_900_notify.py
@@ -49,6 +49,12 @@ class TestNotify:
assert env.await_error(self.domain)
stat = env.get_md_status(self.domain)
assert stat["renewal"]["last"]["problem"] == "urn:org:apache:httpd:log:AH10108:"
+ #
+ env.httpd_error_log.ignore_recent(
+ matches = [
+ r'.*urn:org:apache:httpd:log:AH10108:.*'
+ ]
+ )
# test: valid notify cmd that fails, check error
def test_md_900_002(self, env):
@@ -61,6 +67,14 @@ class TestNotify:
assert env.await_error(self.domain)
stat = env.get_md_status(self.domain)
assert stat["renewal"]["last"]["problem"] == "urn:org:apache:httpd:log:AH10108:"
+ #
+ env.httpd_error_log.ignore_recent(
+ matches = [
+ r'.*urn:org:apache:httpd:log:AH10108:.*',
+ r'.*urn:org:apache:httpd:log:AH10109:.*'
+ r'.*problem\[challenge-setup-failure\].*',
+ ]
+ )
# test: valid notify that logs to file
def test_md_900_010(self, env):
diff --git a/test/modules/md/test_901_message.py b/test/modules/md/test_901_message.py
index 8d03bfd..b18cfd3 100644
--- a/test/modules/md/test_901_message.py
+++ b/test/modules/md/test_901_message.py
@@ -46,6 +46,16 @@ class TestMessage:
stat = env.get_md_status(domain)
# this command should have failed and logged an error
assert stat["renewal"]["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of the offered challenge types
+ ],
+ matches = [
+ r'.*urn:org:apache:httpd:log:AH10109:.*',
+ r'.*problem\[challenge-setup-failure\].*'
+ ]
+ )
# test: signup with configured message cmd that is valid but returns != 0
def test_md_901_002(self, env):
@@ -63,6 +73,16 @@ class TestMessage:
stat = env.get_md_status(domain)
# this command should have failed and logged an error
assert stat["renewal"]["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of the offered challenge types
+ ],
+ matches = [
+ r'.*urn:org:apache:httpd:log:AH10109:.*',
+ r'.*problem\[challenge-setup-failure\].*'
+ ]
+ )
# test: signup with working message cmd and see that it logs the right things
def test_md_901_003(self, env):
@@ -247,7 +267,6 @@ class TestMessage:
assert job["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
break
time.sleep(0.1)
- env.httpd_error_log.ignore_recent()
# reconfigure to a working notification command and restart
conf = MDConf(env)
@@ -294,4 +313,13 @@ class TestMessage:
stat = env.get_md_status(domain)
# this command should have failed and logged an error
assert stat["renewal"]["last"]["problem"] == "challenge-setup-failure"
-
+ #
+ env.httpd_error_log.ignore_recent(
+ lognos = [
+ "AH10056" # None of the offered challenge types
+ ],
+ matches = [
+ r'.*urn:org:apache:httpd:log:AH10109:.*',
+ r'.*problem\[challenge-setup-failure\].*'
+ ]
+ )
diff --git a/test/modules/md/test_920_status.py b/test/modules/md/test_920_status.py
index c89ce6d..6ad7087 100644
--- a/test/modules/md/test_920_status.py
+++ b/test/modules/md/test_920_status.py
@@ -243,3 +243,9 @@ Protocols h2 http/1.1 acme-tls/1
assert ktype in stat['cert']
if env.acme_server == 'boulder':
assert 'ocsp' in stat['cert'][ktype]
+ #
+ env.httpd_error_log.ignore_recent(
+ matches = [
+ r'.*certificate with serial \w+ has no OCSP responder URL.*'
+ ]
+ )