-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tests: rework vendored certificates/keys #80
Commits on Jul 12, 2024
-
rm unused cert generation script
This was originally landed in the `tokio-tls` repo to support the `tokio-native-tls` crate's smoke tests. It was never used by the Rustls code in that repo, but was carried over anyway when we extracted that code into this repo. Let's remove it. We can come up with a better solution for the vendored test certificates we are using.
Configuration menu - View commit details
-
Copy full SHA for a7d664c - Browse repository at this point
Copy the full SHA a7d664cView commit details -
tests: move vendored certs to subdir
This keeps the tests dir tidy and will make it easier to add an update script that isn't itself an integration test.
Configuration menu - View commit details
-
Copy full SHA for ce04f10 - Browse repository at this point
Copy the full SHA ce04f10View commit details -
tests: return bare configs from make_configs()
Let the callers put the configs into an `Arc`. This will allow re-using the setup logic from `utils::make_configs()` in contexts where customization of the client or server config is required.
Configuration menu - View commit details
-
Copy full SHA for bb07fb3 - Browse repository at this point
Copy the full SHA bb07fb3View commit details -
tests: convert more tests to utils::make_configs()
There's still some improvements left to be made, but this reduces a great deal of duplication in the test code.
Configuration menu - View commit details
-
Copy full SHA for 91fb30e - Browse repository at this point
Copy the full SHA 91fb30eView commit details -
tests: tidy up test server usage
* Remove the `CHAIN` const and tuple from `TEST_SERVER` - this is now encapsulated in the `ClientConfig` that's returned from `make_configs()` and no tests are constructing a config from scratch. Similarly the domain name is always `"foobar.com"` (this is baked into the vendored end-entity certificate). Let's just use a const for that. * Remove `start_server()` - it's too small to be of much utility. Let's just ref the `lazy_static!` directly.
Configuration menu - View commit details
-
Copy full SHA for d1f37bd - Browse repository at this point
Copy the full SHA d1f37bdView commit details -
tests: don't overfit on RSA private keys
Prefer `rustls_pemfile::private_key()` to `rsa_private_keys()`. The former is more general, and also doesn't require the `next()` dance that `rsa_private_keys()` does if you're only interested in one private key.
Configuration menu - View commit details
-
Copy full SHA for d81328b - Browse repository at this point
Copy the full SHA d81328bView commit details -
tests: rework vendored certificates/keys
The existing unit tests used vendored cert/key data in a strange way. The `end.cert` and `end.chain` files were the same, and neither was a chain. In both cases the certificate was self-signed, and that same certificate was also configured as a trust anchor in the client configurations. No code/script was included to regenerate the cert (and it was set to expire in Aug). This commit replaces the test files to better simulate a real-world deployment with a trust anchor configured OOB and an intermediate and end-entity chain served by the TLS server. The test certificates are switched to use ECDSA (the rcgen default) for private keys instead of RSA. RSA is for the 90s and ECDSA will be faster :) No tests presently require the root or intermediate private keys, or a serialization of just the end entity cert without the intermediate, so we don't persist this data. This could be added in the future as req'd. All of the key/cert generation is bundled into an ignored integration test `tests/certs/main.rs` using a new dev-only dep on `rcgen`. This felt like the best option on balance, but we could also create a second crate, or look at the unstable nightly Cargo script feature.
Configuration menu - View commit details
-
Copy full SHA for b7e45fa - Browse repository at this point
Copy the full SHA b7e45faView commit details