summaryrefslogtreecommitdiffstats
path: root/test/modules/md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 17:06:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 17:06:34 +0000
commitc9ddc2c74812bbc4a0f6103c09b784b711e5efc9 (patch)
treefe079796693183f809915a925bd50ca1af019d9e /test/modules/md
parentAdding upstream version 2.4.59. (diff)
downloadapache2-c9ddc2c74812bbc4a0f6103c09b784b711e5efc9.tar.xz
apache2-c9ddc2c74812bbc4a0f6103c09b784b711e5efc9.zip
Adding upstream version 2.4.60.upstream/2.4.60
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/modules/md')
-rwxr-xr-xtest/modules/md/dns01_v2.py62
-rwxr-xr-xtest/modules/md/md_cert_util.py4
-rwxr-xr-xtest/modules/md/md_env.py15
3 files changed, 74 insertions, 7 deletions
diff --git a/test/modules/md/dns01_v2.py b/test/modules/md/dns01_v2.py
new file mode 100755
index 0000000..908b4f8
--- /dev/null
+++ b/test/modules/md/dns01_v2.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+
+import subprocess
+import sys
+
+curl = "curl"
+challtestsrv = "localhost:8055"
+
+
+def run(args):
+ sys.stderr.write(f"run: {' '.join(args)}\n")
+ p = subprocess.Popen(args, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ output, errput = p.communicate(None)
+ rv = p.wait()
+ if rv != 0:
+ sys.stderr.write(errput.decode())
+ sys.stdout.write(output.decode())
+ return rv
+
+
+def teardown(domain):
+ rv = run([curl, '-s', '-d', f'{{"host":"_acme-challenge.{domain}"}}',
+ f'{challtestsrv}/clear-txt'])
+ if rv == 0:
+ rv = run([curl, '-s', '-d', f'{{"host":"{domain}"}}',
+ f'{challtestsrv}/set-txt'])
+ return rv
+
+
+def setup(domain, challenge):
+ teardown(domain)
+ rv = run([curl, '-s', '-d', f'{{"host":"{domain}", "addresses":["127.0.0.1"]}}',
+ f'{challtestsrv}/set-txt'])
+ if rv == 0:
+ rv = run([curl, '-s', '-d', f'{{"host":"_acme-challenge.{domain}.", "value":"{challenge}"}}',
+ f'{challtestsrv}/set-txt'])
+ return rv
+
+
+def main(argv):
+ if len(argv) > 1:
+ if argv[1] == 'setup':
+ if len(argv) != 4:
+ sys.stderr.write("wrong number of arguments: dns01.py setup <domain> <challenge>\n")
+ sys.exit(2)
+ rv = setup(argv[2], argv[3])
+ elif argv[1] == 'teardown':
+ if len(argv) != 4:
+ sys.stderr.write("wrong number of arguments: dns01.py teardown <domain> <challenge>\n")
+ sys.exit(1)
+ rv = teardown(argv[2])
+ else:
+ sys.stderr.write(f"unknown option {argv[1]}\n")
+ rv = 2
+ else:
+ sys.stderr.write("dns01.py wrong number of arguments\n")
+ rv = 2
+ sys.exit(rv)
+
+
+if __name__ == "__main__":
+ main(sys.argv)
diff --git a/test/modules/md/md_cert_util.py b/test/modules/md/md_cert_util.py
index 8cd99aa..abcd36b 100755
--- a/test/modules/md/md_cert_util.py
+++ b/test/modules/md/md_cert_util.py
@@ -166,10 +166,10 @@ class MDCertUtil(object):
def get_san_list(self):
text = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_TEXT, self.cert).decode("utf-8")
- m = re.search(r"X509v3 Subject Alternative Name:\s*(.*)", text)
+ m = re.search(r"X509v3 Subject Alternative Name:(\s+critical)?\s*(.*)", text)
sans_list = []
if m:
- sans_list = m.group(1).split(",")
+ sans_list = m.group(2).split(",")
def _strip_prefix(s):
return s.split(":")[1] if s.strip().startswith("DNS:") else s.strip()
diff --git a/test/modules/md/md_env.py b/test/modules/md/md_env.py
index e8e36e5..1936519 100755
--- a/test/modules/md/md_env.py
+++ b/test/modules/md/md_env.py
@@ -73,7 +73,11 @@ class MDTestEnv(HttpdTestEnv):
@classmethod
def has_acme_eab(cls):
- return cls.get_acme_server() == 'pebble'
+ return False
+ # Pebble, since v2.5.0 no longer supports HS256 for EAB, which
+ # is the only thing mod_md supports. Issue opened at pebble:
+ # https://github.com/letsencrypt/pebble/issues/455
+ # return cls.get_acme_server() == 'pebble'
@classmethod
def is_pebble(cls) -> bool:
@@ -356,13 +360,14 @@ class MDTestEnv(HttpdTestEnv):
MDCertUtil.validate_privkey(self.store_domain_file(domain, 'privkey.pem'))
cert = MDCertUtil(self.store_domain_file(domain, 'pubcert.pem'))
cert.validate_cert_matches_priv_key(self.store_domain_file(domain, 'privkey.pem'))
- # check SANs and CN
- assert cert.get_cn() == domain
+ # No longer check CN, it may not be set or is not trusted anyway
+ # assert cert.get_cn() == domain, f'CN: expected "{domain}", got {cert.get_cn()}'
+ # check SANs
# compare lists twice in opposite directions: SAN may not respect ordering
san_list = list(cert.get_san_list())
assert len(san_list) == len(domains)
- assert set(san_list).issubset(domains)
- assert set(domains).issubset(san_list)
+ assert set(san_list).issubset(domains), f'{san_list} not subset of {domains}'
+ assert set(domains).issubset(san_list), f'{domains} not subset of {san_list}'
# check valid dates interval
not_before = cert.get_not_before()
not_after = cert.get_not_after()