85 lines
2.9 KiB
Diff
85 lines
2.9 KiB
Diff
From c20ac23a9a3673cca863974ec53f9129392fd447 Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Mon, 24 Jun 2024 11:39:01 +0100
|
|
Subject: [PATCH] interop: Test interop with a bad system CA
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
This is expected to fail now.
|
|
|
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
(cherry picked from commit 1c7db8f3337632f0395dac9b13cf03b100cf1a4a)
|
|
(cherry picked from commit cb3519eeefa788b8fef466bf9394eefa9d6a6c18)
|
|
---
|
|
.gitignore | 1 +
|
|
interop/Makefile.am | 26 ++++++++++++++++++++++++++
|
|
2 files changed, 27 insertions(+)
|
|
|
|
diff --git a/.gitignore b/.gitignore
|
|
index 0b1cf764..597043e1 100644
|
|
--- a/.gitignore
|
|
+++ b/.gitignore
|
|
@@ -113,6 +113,7 @@ Makefile.in
|
|
/interop/interop-nbdkit-tls-certs
|
|
/interop/interop-nbdkit-tls-certs-allow-enabled
|
|
/interop/interop-nbdkit-tls-certs-allow-fallback
|
|
+/interop/interop-nbdkit-tls-certs-bad-CA
|
|
/interop/interop-nbdkit-tls-psk
|
|
/interop/interop-nbdkit-tls-psk-allow-enabled
|
|
/interop/interop-nbdkit-tls-psk-allow-fallback
|
|
diff --git a/interop/Makefile.am b/interop/Makefile.am
|
|
index 4cdc55e9..bc974b99 100644
|
|
--- a/interop/Makefile.am
|
|
+++ b/interop/Makefile.am
|
|
@@ -281,6 +281,7 @@ check_PROGRAMS += \
|
|
interop-nbdkit-tls-certs \
|
|
interop-nbdkit-tls-certs-allow-enabled \
|
|
interop-nbdkit-tls-certs-allow-fallback \
|
|
+ interop-nbdkit-tls-certs-bad-CA \
|
|
interop-nbdkit-tls-psk \
|
|
interop-nbdkit-tls-psk-allow-enabled \
|
|
interop-nbdkit-tls-psk-allow-fallback \
|
|
@@ -292,6 +293,7 @@ TESTS += \
|
|
interop-nbdkit-tls-certs \
|
|
interop-nbdkit-tls-certs-allow-enabled \
|
|
interop-nbdkit-tls-certs-allow-fallback \
|
|
+ interop-nbdkit-tls-certs-bad-CA \
|
|
interop-nbdkit-tls-psk \
|
|
interop-nbdkit-tls-psk-allow-enabled \
|
|
interop-nbdkit-tls-psk-allow-fallback \
|
|
@@ -370,6 +372,30 @@ interop_nbdkit_tls_certs_allow_fallback_LDADD = \
|
|
$(GNUTLS_LIBS) \
|
|
$(NULL)
|
|
|
|
+# In this test, nbdkit offers a server certificate signed by our CA in
|
|
+# the tests/pki directory, but we deliberately tell libnbd to test
|
|
+# against the system CA (-DCERTS=NULL). This is expected to fail the
|
|
+# connection with the error:
|
|
+# libnbd: debug: nbd1: nbd_connect_command: handle dead: nbd_connect_command: gnutls_handshake: Error in the certificate verification. (15/1)
|
|
+interop_nbdkit_tls_certs_bad_CA_SOURCES = \
|
|
+ interop.c \
|
|
+ requires.c \
|
|
+ ../tests/requires.h \
|
|
+ $(NULL)
|
|
+interop_nbdkit_tls_certs_bad_CA_CPPFLAGS = \
|
|
+ $(AM_CPPFLAGS) \
|
|
+ -DREQUIRES=' requires ("test -d ../tests/pki"); ' \
|
|
+ -DSERVER=\"$(NBDKIT)\" \
|
|
+ -DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "null"' \
|
|
+ -DCERTS=NULL \
|
|
+ -DTLS_MODE=LIBNBD_TLS_REQUIRE \
|
|
+ -DEXPECT_FAIL=1 \
|
|
+ $(NULL)
|
|
+interop_nbdkit_tls_certs_bad_CA_LDADD = \
|
|
+ $(top_builddir)/lib/libnbd.la \
|
|
+ $(GNUTLS_LIBS) \
|
|
+ $(NULL)
|
|
+
|
|
interop_nbdkit_tls_psk_SOURCES = \
|
|
interop.c \
|
|
requires.c \
|
|
--
|
|
2.43.0
|
|
|