From 280178571045c23147ecc2e0834b185b5fd2281b Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Mon, 1 Nov 2021 11:40:16 -0400 Subject: [PATCH] regenerate expired certs (#11462) * regenerate expired certs * add documentation to generate tests certificates --- agent/agent_test.go | 2 ++ agent/consul/rpc_test.go | 4 +++ agent/consul/server_test.go | 2 ++ agent/grpc/client_test.go | 4 +++ agent/streaming_test.go | 2 ++ api/api_test.go | 4 +++ test/CA-GENERATION.md | 26 +++++++++++++++ test/client_certs/client.crt | 28 ++++++++-------- test/client_certs/client.key | 6 ++-- test/client_certs/consul-agent-ca-key.pem | 6 ++-- test/client_certs/consul-agent-ca.pem | 32 +++++++++---------- test/client_certs/dc1-client-consul-0-key.pem | 6 ++-- test/client_certs/dc1-client-consul-0.pem | 28 ++++++++-------- test/client_certs/dc1-server-consul-0-key.pem | 6 ++-- test/client_certs/dc1-server-consul-0.pem | 30 ++++++++--------- test/client_certs/path/rootca.crt | 32 +++++++++---------- test/client_certs/rootca.crt | 32 +++++++++---------- test/client_certs/rootca.key | 6 ++-- test/client_certs/server.crt | 30 ++++++++--------- test/client_certs/server.key | 6 ++-- tlsutil/config_test.go | 14 ++++++++ 21 files changed, 182 insertions(+), 124 deletions(-) create mode 100644 test/CA-GENERATION.md diff --git a/agent/agent_test.go b/agent/agent_test.go index 79d441e2fd..94903698a1 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -4531,6 +4531,8 @@ LOOP: // TODO(rb): implement something similar to this as a full containerized test suite with proper // isolation so requests can't "cheat" and bypass the mesh gateways func TestAgent_JoinWAN_viaMeshGateway(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md if testing.Short() { t.Skip("too slow for testing.Short") } diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go index 89bfe38ebd..f3b013bcd3 100644 --- a/agent/consul/rpc_test.go +++ b/agent/consul/rpc_test.go @@ -448,6 +448,8 @@ func TestRPC_MagicByteTimeout(t *testing.T) { } func TestRPC_TLSHandshakeTimeout(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md if testing.Short() { t.Skip("too slow for testing.Short") } @@ -684,6 +686,8 @@ func connectClient(t *testing.T, s1 *Server, mb pool.RPCType, useTLS, wantOpen b } func TestRPC_RPCMaxConnsPerClient(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md if testing.Short() { t.Skip("too slow for testing.Short") } diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 890489668d..84cb868b38 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -641,6 +641,8 @@ func TestServer_JoinWAN_Flood(t *testing.T) { // This is a mirror of a similar test in agent/agent_test.go func TestServer_JoinWAN_viaMeshGateway(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md if testing.Short() { t.Skip("too slow for testing.Short") } diff --git a/agent/grpc/client_test.go b/agent/grpc/client_test.go index f4d0138f39..1c11ee4ebe 100644 --- a/agent/grpc/client_test.go +++ b/agent/grpc/client_test.go @@ -148,6 +148,8 @@ func TestNewDialer_WithALPNWrapper(t *testing.T) { } func TestNewDialer_IntegrationWithTLSEnabledHandler(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md res := resolver.NewServerResolverBuilder(newConfig(t)) registerWithGRPC(t, res) @@ -189,6 +191,8 @@ func TestNewDialer_IntegrationWithTLSEnabledHandler(t *testing.T) { } func TestNewDialer_IntegrationWithTLSEnabledHandler_viaMeshGateway(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md ports := freeport.MustTake(1) defer freeport.Return(ports) diff --git a/agent/streaming_test.go b/agent/streaming_test.go index 5fa4dd4c0d..8af5edc7db 100644 --- a/agent/streaming_test.go +++ b/agent/streaming_test.go @@ -34,6 +34,8 @@ func testGRPCStreamingWorking(t *testing.T, config string) { } func TestGRPCWithTLSConfigs(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md t.Parallel() testCases := []struct { name string diff --git a/api/api_test.go b/api/api_test.go index 134b8d9252..89852d373c 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -405,6 +405,8 @@ func TestAPI_DefaultConfig_env(t *testing.T) { // (environment) which has non-deterministic effects on the other tests // which derive their default configuration from the environment + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md addr := "1.2.3.4:5678" token := "abcd1234" auth := "username:password" @@ -486,6 +488,8 @@ func TestAPI_DefaultConfig_env(t *testing.T) { } func TestAPI_SetupTLSConfig(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md t.Parallel() // A default config should result in a clean default client config. tlsConfig := &TLSConfig{} diff --git a/test/CA-GENERATION.md b/test/CA-GENERATION.md new file mode 100644 index 0000000000..0c2c8b4dbe --- /dev/null +++ b/test/CA-GENERATION.md @@ -0,0 +1,26 @@ +# CA certificate generation procedure + +## Client certificates +if tests like `TestAPI_ClientTLSOptions` (or any other test using certificates located in `./test/client_certs` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate. + +``` bash +cd test/client_certs/ +rm -rf *.pem *.crt *.key && ./generate.sh +``` + +## CA certificates +if tests like `TestAgent_ReloadConfigTLSConfigFailure` (or any other test using certificates located in `./test/ca` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate. + +``` bash +cd test/ca/ +rm -rf *.pem *.crt *.key && ./generate.sh +``` + +## Hostname certificates + +if tests like `TestNewDialer_WithALPNWrapper` (or any other test using certificates located in `./test/hostname` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate. + +``` bash +cd test/hostname/ +rm -rf *.pem *.crt *.key && ./generate.sh +``` \ No newline at end of file diff --git a/test/client_certs/client.crt b/test/client_certs/client.crt index fbdabcba2e..e464336f57 100644 --- a/test/client_certs/client.crt +++ b/test/client_certs/client.crt @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICnDCCAkOgAwIBAgIRAOnKNzSoGq53Rq/G5tbm85swCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEWNsaWVudC5kYzEu -Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMtVdDd8tDZBaOaDFFzWD -0hTxO7soxUuz1dWaO8FGhIS07dfSBjYumEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86 -iKOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG -AQUFBwMBMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEJWUjlDw7H2fbRpGG8fpqCq -GEX80iDpQqXOU0wg6fEPMCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm -IdXjPfiFy8SGeKS2MC0GA1UdEQQmMCSCEWNsaWVudC5kYzEuY29uc3Vsgglsb2Nh -bGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgYAZTf8VcZ4nQl4lbm579BfXy -6YpYz/DdfkEODUBxUyYCIDXhfmxtL/gTSkIh1E+fV7H7ZmqPKgTDH1XBV2zYnj/C +MIICmjCCAkGgAwIBAgIQVDAApftts3C9eO+JONBsNTAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFjbGllbnQuZGMxLmNv +bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGF9ORXwWyUFj1bTD7GzFIvQ +U6L+eMoEiba2tD1HkKWHaDAx/I7Df3wcHmBzVaqjgMsRChjMmJ3cDDGuLt1/BHGj +gccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDATAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCAka8yiBZ22z4cNL8yjkN1DOd/b +oN7QIaohoQ6ViYI9kzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G +b9bIeY63KVL/7jAtBgNVHREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9jYWxo +b3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIE4Dl1LytCVq1CDQfflE6dpIQR0z +D8EJ0v2d8Bx1YdVWAiB6Fhj7vrjevlmKGNZzk87xNZiMNB1/C3QvmWJYPpMPNQ== -----END CERTIFICATE----- diff --git a/test/client_certs/client.key b/test/client_certs/client.key index e27ca3cf2a..92e1d61055 100644 --- a/test/client_certs/client.key +++ b/test/client_certs/client.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIDxDVYnUL3LCN7kSKF/ShH1c8HacmeUyU/2qJ/fo+5kDoAoGCCqGSM49 -AwEHoUQDQgAEMtVdDd8tDZBaOaDFFzWD0hTxO7soxUuz1dWaO8FGhIS07dfSBjYu -mEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86iA== +MHcCAQEEIFz6x9ap6/v3Q0ZzKD8VfCXxNOlF1ELxyosxLj+yqltsoAoGCCqGSM49 +AwEHoUQDQgAEYX05FfBbJQWPVtMPsbMUi9BTov54ygSJtra0PUeQpYdoMDH8jsN/ +fBweYHNVqqOAyxEKGMyYndwMMa4u3X8EcQ== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/consul-agent-ca-key.pem b/test/client_certs/consul-agent-ca-key.pem index f6791f3902..cfceffc111 100644 --- a/test/client_certs/consul-agent-ca-key.pem +++ b/test/client_certs/consul-agent-ca-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEINtFYGWAzcVyRRQKjadE83olH8xAwZYe5sEn4rfPtI8xoAoGCCqGSM49 -AwEHoUQDQgAErHueX3t67iU5Bj7Nh53zhggnF4pLwjuDbmTDSYIe/Tbeixc2M2Nb -7cGr9/Bk9cH8exB/o2KzbQ2nxPZ+ftBTAQ== +MHcCAQEEIEULa3Bb3xemvewpjiqz57wN+WwQSw/K7jUhwiUgAQXToAoGCCqGSM49 +AwEHoUQDQgAE1EENJOb0u3rmKNX7/svm4O0bXGsqZGQ+G+vHxNECsXgk4wDzi94Z +cFGIyrN8nTKJJU0j+p6YtY3P6D1K2lp9Vw== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/consul-agent-ca.pem b/test/client_certs/consul-agent-ca.pem index 1c37931205..71281432aa 100644 --- a/test/client_certs/consul-agent-ca.pem +++ b/test/client_certs/consul-agent-ca.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC7zCCApSgAwIBAgIRAIubxOonau4Z6UJRYv5KBDMwCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yNTEwMjcyMjI3NTZaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv -bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu -Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAxODU1NzE0OTEzMzEwNDc3MzQ2 -MDI0MjA3MTgyOTY1MzM0MzU0NDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASs -e55fe3ruJTkGPs2HnfOGCCcXikvCO4NuZMNJgh79Nt6LFzYzY1vtwav38GT1wfx7 -EH+jYrNtDafE9n5+0FMBo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zApBgNVHQ4EIgQgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYw -KwYDVR0jBCQwIoAgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYwCgYI -KoZIzj0EAwIDSQAwRgIhALoE4RO8DHR4AkxmO5ostQxAYMIpiSTC9VZsWva3hHj4 -AiEAijGw7bHPearXh9I2ghGE4jGJbGK4R9JHcLOq3+GE2Ng= +MIIC6zCCApGgAwIBAgIQDRLbmPude64vjjBAnHZGAjAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjYxMDMxMTQ0NTAzWjCBuDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT +AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExExMDEgU2Vjb25k +IFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAVBgNVBAoTDkhhc2hpQ29ycCBJbmMu +MT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0EgMTczNzc4NzkyNTY5MTI1NTgwMTIx +Mzk4OTk2MjY5OTEyNzM0NzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUQQ0k +5vS7euYo1fv+y+bg7RtcaypkZD4b68fE0QKxeCTjAPOL3hlwUYjKs3ydMoklTSP6 +npi1jc/oPUraWn1Xo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zApBgNVHQ4EIgQgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wKwYD +VR0jBCQwIoAgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wCgYIKoZI +zj0EAwIDSAAwRQIhAPab5jGWHNZkbDRqhQoZrA+0D9cqfJNcCOJVEB69E3f5AiBv +tbI2DANB3S6Atg8+PsRXJxCT5R1TrbPX63udY5O5GA== -----END CERTIFICATE----- diff --git a/test/client_certs/dc1-client-consul-0-key.pem b/test/client_certs/dc1-client-consul-0-key.pem index e27ca3cf2a..92e1d61055 100644 --- a/test/client_certs/dc1-client-consul-0-key.pem +++ b/test/client_certs/dc1-client-consul-0-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIDxDVYnUL3LCN7kSKF/ShH1c8HacmeUyU/2qJ/fo+5kDoAoGCCqGSM49 -AwEHoUQDQgAEMtVdDd8tDZBaOaDFFzWD0hTxO7soxUuz1dWaO8FGhIS07dfSBjYu -mEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86iA== +MHcCAQEEIFz6x9ap6/v3Q0ZzKD8VfCXxNOlF1ELxyosxLj+yqltsoAoGCCqGSM49 +AwEHoUQDQgAEYX05FfBbJQWPVtMPsbMUi9BTov54ygSJtra0PUeQpYdoMDH8jsN/ +fBweYHNVqqOAyxEKGMyYndwMMa4u3X8EcQ== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/dc1-client-consul-0.pem b/test/client_certs/dc1-client-consul-0.pem index fbdabcba2e..e464336f57 100644 --- a/test/client_certs/dc1-client-consul-0.pem +++ b/test/client_certs/dc1-client-consul-0.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICnDCCAkOgAwIBAgIRAOnKNzSoGq53Rq/G5tbm85swCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEWNsaWVudC5kYzEu -Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMtVdDd8tDZBaOaDFFzWD -0hTxO7soxUuz1dWaO8FGhIS07dfSBjYumEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86 -iKOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG -AQUFBwMBMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEJWUjlDw7H2fbRpGG8fpqCq -GEX80iDpQqXOU0wg6fEPMCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm -IdXjPfiFy8SGeKS2MC0GA1UdEQQmMCSCEWNsaWVudC5kYzEuY29uc3Vsgglsb2Nh -bGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgYAZTf8VcZ4nQl4lbm579BfXy -6YpYz/DdfkEODUBxUyYCIDXhfmxtL/gTSkIh1E+fV7H7ZmqPKgTDH1XBV2zYnj/C +MIICmjCCAkGgAwIBAgIQVDAApftts3C9eO+JONBsNTAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFjbGllbnQuZGMxLmNv +bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGF9ORXwWyUFj1bTD7GzFIvQ +U6L+eMoEiba2tD1HkKWHaDAx/I7Df3wcHmBzVaqjgMsRChjMmJ3cDDGuLt1/BHGj +gccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDATAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCAka8yiBZ22z4cNL8yjkN1DOd/b +oN7QIaohoQ6ViYI9kzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G +b9bIeY63KVL/7jAtBgNVHREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9jYWxo +b3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIE4Dl1LytCVq1CDQfflE6dpIQR0z +D8EJ0v2d8Bx1YdVWAiB6Fhj7vrjevlmKGNZzk87xNZiMNB1/C3QvmWJYPpMPNQ== -----END CERTIFICATE----- diff --git a/test/client_certs/dc1-server-consul-0-key.pem b/test/client_certs/dc1-server-consul-0-key.pem index 7c2a0af70b..d35047d487 100644 --- a/test/client_certs/dc1-server-consul-0-key.pem +++ b/test/client_certs/dc1-server-consul-0-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEICYdaRvHDtbGbReTekgKf9uyKFEnR7kr7VU3kw3uGzAhoAoGCCqGSM49 -AwEHoUQDQgAE0etZvg/aUTU+HPwDHtEwZslBuEshwHl7AcERHQeFTuhtfjpwHQw+ -uTunFkmQoqNmE+n7P4v7fe771lpxif8VwA== +MHcCAQEEIGYeUPTLPIffkIx9mAmw5stoepPHQz6hxtuwJdv2y+fvoAoGCCqGSM49 +AwEHoUQDQgAEuZ7Iacvo0TN8oB5JkSw8xvm9QC0Q6DROqE/V46XYM+1PvwhPiyoJ +ZIt2zTYATwV5Z7gIvnW1BEoGtNAt4f8pZg== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/dc1-server-consul-0.pem b/test/client_certs/dc1-server-consul-0.pem index 2dca4b5267..3fbcb6bb95 100644 --- a/test/client_certs/dc1-server-consul-0.pem +++ b/test/client_certs/dc1-server-consul-0.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICxjCCAmugAwIBAgIRAOKZmO0GuFJUOfJ7Ycf0WOEwCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu -Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0etZvg/aUTU+HPwDHtEw -ZslBuEshwHl7AcERHQeFTuhtfjpwHQw+uTunFkmQoqNmE+n7P4v7fe771lpxif8V -wKOB7zCB7DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEA1xxAYluRqg6wFwGu75o/5 -8Ty6FWR9RgIYvZzCM2N9MCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm -IdXjPfiFy8SGeKS2MFUGA1UdEQROMEyCC2NvbnN1bC50ZXN0ghlzZXJ2ZXIwLnNl -cnZlci5kYzEuY29uc3VsghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxob3N0hwR/ -AAABMAoGCCqGSM49BAMCA0kAMEYCIQDz9YnCvKkgGqw5M0HLDI82rqwQsH2SRQUs -kogKi3oGmQIhAPBA5AgF3y1E94PbeYfvoDBJy1JiY3KsckY2Gz+M8Iyc +MIICwzCCAmmgAwIBAgIQLMLWUI6B0ebm1Ii/WuRZ8DAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv +bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmeyGnL6NEzfKAeSZEsPMb5 +vUAtEOg0TqhP1eOl2DPtT78IT4sqCWSLds02AE8FeWe4CL51tQRKBrTQLeH/KWaj +ge8wgewwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCg/S6k7agUE+aei8EyDz0c76Oo +rvZaXkQwVwFzjPSsRzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G +b9bIeY63KVL/7jBVBgNVHREETjBMggtjb25zdWwudGVzdIIZc2VydmVyMC5zZXJ2 +ZXIuZGMxLmNvbnN1bIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2FsaG9zdIcEfwAA +ATAKBggqhkjOPQQDAgNIADBFAiAREeH2p06CtuScx/d9iBrA4cLJgDzjyeHJBbDH +ETHRxgIhAIzsPAVVnbuMx1+R/VWh9EWAOGvI1V/sKWqFdID8Krdp -----END CERTIFICATE----- diff --git a/test/client_certs/path/rootca.crt b/test/client_certs/path/rootca.crt index 1c37931205..71281432aa 100644 --- a/test/client_certs/path/rootca.crt +++ b/test/client_certs/path/rootca.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC7zCCApSgAwIBAgIRAIubxOonau4Z6UJRYv5KBDMwCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yNTEwMjcyMjI3NTZaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv -bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu -Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAxODU1NzE0OTEzMzEwNDc3MzQ2 -MDI0MjA3MTgyOTY1MzM0MzU0NDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASs -e55fe3ruJTkGPs2HnfOGCCcXikvCO4NuZMNJgh79Nt6LFzYzY1vtwav38GT1wfx7 -EH+jYrNtDafE9n5+0FMBo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zApBgNVHQ4EIgQgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYw -KwYDVR0jBCQwIoAgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYwCgYI -KoZIzj0EAwIDSQAwRgIhALoE4RO8DHR4AkxmO5ostQxAYMIpiSTC9VZsWva3hHj4 -AiEAijGw7bHPearXh9I2ghGE4jGJbGK4R9JHcLOq3+GE2Ng= +MIIC6zCCApGgAwIBAgIQDRLbmPude64vjjBAnHZGAjAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjYxMDMxMTQ0NTAzWjCBuDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT +AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExExMDEgU2Vjb25k +IFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAVBgNVBAoTDkhhc2hpQ29ycCBJbmMu +MT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0EgMTczNzc4NzkyNTY5MTI1NTgwMTIx +Mzk4OTk2MjY5OTEyNzM0NzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUQQ0k +5vS7euYo1fv+y+bg7RtcaypkZD4b68fE0QKxeCTjAPOL3hlwUYjKs3ydMoklTSP6 +npi1jc/oPUraWn1Xo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zApBgNVHQ4EIgQgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wKwYD +VR0jBCQwIoAgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wCgYIKoZI +zj0EAwIDSAAwRQIhAPab5jGWHNZkbDRqhQoZrA+0D9cqfJNcCOJVEB69E3f5AiBv +tbI2DANB3S6Atg8+PsRXJxCT5R1TrbPX63udY5O5GA== -----END CERTIFICATE----- diff --git a/test/client_certs/rootca.crt b/test/client_certs/rootca.crt index 1c37931205..71281432aa 100644 --- a/test/client_certs/rootca.crt +++ b/test/client_certs/rootca.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC7zCCApSgAwIBAgIRAIubxOonau4Z6UJRYv5KBDMwCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yNTEwMjcyMjI3NTZaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv -bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu -Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAxODU1NzE0OTEzMzEwNDc3MzQ2 -MDI0MjA3MTgyOTY1MzM0MzU0NDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASs -e55fe3ruJTkGPs2HnfOGCCcXikvCO4NuZMNJgh79Nt6LFzYzY1vtwav38GT1wfx7 -EH+jYrNtDafE9n5+0FMBo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zApBgNVHQ4EIgQgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYw -KwYDVR0jBCQwIoAgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYwCgYI -KoZIzj0EAwIDSQAwRgIhALoE4RO8DHR4AkxmO5ostQxAYMIpiSTC9VZsWva3hHj4 -AiEAijGw7bHPearXh9I2ghGE4jGJbGK4R9JHcLOq3+GE2Ng= +MIIC6zCCApGgAwIBAgIQDRLbmPude64vjjBAnHZGAjAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjYxMDMxMTQ0NTAzWjCBuDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT +AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExExMDEgU2Vjb25k +IFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAVBgNVBAoTDkhhc2hpQ29ycCBJbmMu +MT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0EgMTczNzc4NzkyNTY5MTI1NTgwMTIx +Mzk4OTk2MjY5OTEyNzM0NzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUQQ0k +5vS7euYo1fv+y+bg7RtcaypkZD4b68fE0QKxeCTjAPOL3hlwUYjKs3ydMoklTSP6 +npi1jc/oPUraWn1Xo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zApBgNVHQ4EIgQgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wKwYD +VR0jBCQwIoAgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wCgYIKoZI +zj0EAwIDSAAwRQIhAPab5jGWHNZkbDRqhQoZrA+0D9cqfJNcCOJVEB69E3f5AiBv +tbI2DANB3S6Atg8+PsRXJxCT5R1TrbPX63udY5O5GA== -----END CERTIFICATE----- diff --git a/test/client_certs/rootca.key b/test/client_certs/rootca.key index f6791f3902..cfceffc111 100644 --- a/test/client_certs/rootca.key +++ b/test/client_certs/rootca.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEINtFYGWAzcVyRRQKjadE83olH8xAwZYe5sEn4rfPtI8xoAoGCCqGSM49 -AwEHoUQDQgAErHueX3t67iU5Bj7Nh53zhggnF4pLwjuDbmTDSYIe/Tbeixc2M2Nb -7cGr9/Bk9cH8exB/o2KzbQ2nxPZ+ftBTAQ== +MHcCAQEEIEULa3Bb3xemvewpjiqz57wN+WwQSw/K7jUhwiUgAQXToAoGCCqGSM49 +AwEHoUQDQgAE1EENJOb0u3rmKNX7/svm4O0bXGsqZGQ+G+vHxNECsXgk4wDzi94Z +cFGIyrN8nTKJJU0j+p6YtY3P6D1K2lp9Vw== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/server.crt b/test/client_certs/server.crt index 2dca4b5267..3fbcb6bb95 100644 --- a/test/client_certs/server.crt +++ b/test/client_certs/server.crt @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICxjCCAmugAwIBAgIRAOKZmO0GuFJUOfJ7Ycf0WOEwCgYIKoZIzj0EAwIwgbkx -CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj -bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw -FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw -MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu -Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0etZvg/aUTU+HPwDHtEw -ZslBuEshwHl7AcERHQeFTuhtfjpwHQw+uTunFkmQoqNmE+n7P4v7fe771lpxif8V -wKOB7zCB7DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEA1xxAYluRqg6wFwGu75o/5 -8Ty6FWR9RgIYvZzCM2N9MCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm -IdXjPfiFy8SGeKS2MFUGA1UdEQROMEyCC2NvbnN1bC50ZXN0ghlzZXJ2ZXIwLnNl -cnZlci5kYzEuY29uc3VsghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxob3N0hwR/ -AAABMAoGCCqGSM49BAMCA0kAMEYCIQDz9YnCvKkgGqw5M0HLDI82rqwQsH2SRQUs -kogKi3oGmQIhAPBA5AgF3y1E94PbeYfvoDBJy1JiY3KsckY2Gz+M8Iyc +MIICwzCCAmmgAwIBAgIQLMLWUI6B0ebm1Ii/WuRZ8DAKBggqhkjOPQQDAjCBuDEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg +MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx +MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv +bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmeyGnL6NEzfKAeSZEsPMb5 +vUAtEOg0TqhP1eOl2DPtT78IT4sqCWSLds02AE8FeWe4CL51tQRKBrTQLeH/KWaj +ge8wgewwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCg/S6k7agUE+aei8EyDz0c76Oo +rvZaXkQwVwFzjPSsRzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G +b9bIeY63KVL/7jBVBgNVHREETjBMggtjb25zdWwudGVzdIIZc2VydmVyMC5zZXJ2 +ZXIuZGMxLmNvbnN1bIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2FsaG9zdIcEfwAA +ATAKBggqhkjOPQQDAgNIADBFAiAREeH2p06CtuScx/d9iBrA4cLJgDzjyeHJBbDH +ETHRxgIhAIzsPAVVnbuMx1+R/VWh9EWAOGvI1V/sKWqFdID8Krdp -----END CERTIFICATE----- diff --git a/test/client_certs/server.key b/test/client_certs/server.key index 7c2a0af70b..d35047d487 100644 --- a/test/client_certs/server.key +++ b/test/client_certs/server.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEICYdaRvHDtbGbReTekgKf9uyKFEnR7kr7VU3kw3uGzAhoAoGCCqGSM49 -AwEHoUQDQgAE0etZvg/aUTU+HPwDHtEwZslBuEshwHl7AcERHQeFTuhtfjpwHQw+ -uTunFkmQoqNmE+n7P4v7fe771lpxif8VwA== +MHcCAQEEIGYeUPTLPIffkIx9mAmw5stoepPHQz6hxtuwJdv2y+fvoAoGCCqGSM49 +AwEHoUQDQgAEuZ7Iacvo0TN8oB5JkSw8xvm9QC0Q6DROqE/V46XYM+1PvwhPiyoJ +ZIt2zTYATwV5Z7gIvnW1BEoGtNAt4f8pZg== -----END EC PRIVATE KEY----- diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go index b2f27d6d5d..cad4baac5e 100644 --- a/tlsutil/config_test.go +++ b/tlsutil/config_test.go @@ -72,6 +72,8 @@ func startTLSServer(config *Config, alpnProtos []string, doAlpnVariant bool) (ne } func TestConfigurator_outgoingWrapper_OK(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md config := Config{ CAFile: "../test/hostname/CertAuth.crt", CertFile: "../test/hostname/Alice.crt", @@ -103,6 +105,8 @@ func TestConfigurator_outgoingWrapper_OK(t *testing.T) { } func TestConfigurator_outgoingWrapper_noverify_OK(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md config := Config{ VerifyOutgoing: true, CAFile: "../test/hostname/CertAuth.crt", @@ -133,6 +137,8 @@ func TestConfigurator_outgoingWrapper_noverify_OK(t *testing.T) { } func TestConfigurator_outgoingWrapper_BadDC(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md config := Config{ CAFile: "../test/hostname/CertAuth.crt", CertFile: "../test/hostname/Alice.crt", @@ -194,6 +200,8 @@ func TestConfigurator_outgoingWrapper_BadCert(t *testing.T) { } func TestConfigurator_outgoingWrapperALPN_OK(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md config := Config{ CAFile: "../test/hostname/CertAuth.crt", CertFile: "../test/hostname/Bob.crt", @@ -226,6 +234,8 @@ func TestConfigurator_outgoingWrapperALPN_OK(t *testing.T) { } func TestConfigurator_outgoingWrapperALPN_serverHasNoNodeNameInSAN(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md srvConfig := Config{ CAFile: "../test/hostname/CertAuth.crt", CertFile: "../test/hostname/Alice.crt", @@ -264,6 +274,8 @@ func TestConfigurator_outgoingWrapperALPN_serverHasNoNodeNameInSAN(t *testing.T) } func TestConfigurator_outgoingWrapperALPN_BadDC(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md config := Config{ CAFile: "../test/hostname/CertAuth.crt", CertFile: "../test/hostname/Bob.crt", @@ -761,6 +773,8 @@ func TestConfigurator_OutgoingRPCTLSDisabled(t *testing.T) { } func TestConfigurator_MutualTLSCapable(t *testing.T) { + // if this test is failing because of expired certificates + // use the procedure in test/CA-GENERATION.md t.Run("no ca", func(t *testing.T) { config := Config{ Domain: "consul",