regenerate expired certs (#11462)

* regenerate expired certs

* add documentation to generate tests certificates
pull/11464/head
Dhia Ayachi 2021-11-01 11:40:16 -04:00 committed by GitHub
parent 0854e1d684
commit 2801785710
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 182 additions and 124 deletions

View File

@ -4531,6 +4531,8 @@ LOOP:
// TODO(rb): implement something similar to this as a full containerized test suite with proper
// isolation so requests can't "cheat" and bypass the mesh gateways
func TestAgent_JoinWAN_viaMeshGateway(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
if testing.Short() {
t.Skip("too slow for testing.Short")
}

View File

@ -448,6 +448,8 @@ func TestRPC_MagicByteTimeout(t *testing.T) {
}
func TestRPC_TLSHandshakeTimeout(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
if testing.Short() {
t.Skip("too slow for testing.Short")
}
@ -684,6 +686,8 @@ func connectClient(t *testing.T, s1 *Server, mb pool.RPCType, useTLS, wantOpen b
}
func TestRPC_RPCMaxConnsPerClient(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
if testing.Short() {
t.Skip("too slow for testing.Short")
}

View File

@ -641,6 +641,8 @@ func TestServer_JoinWAN_Flood(t *testing.T) {
// This is a mirror of a similar test in agent/agent_test.go
func TestServer_JoinWAN_viaMeshGateway(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
if testing.Short() {
t.Skip("too slow for testing.Short")
}

View File

@ -148,6 +148,8 @@ func TestNewDialer_WithALPNWrapper(t *testing.T) {
}
func TestNewDialer_IntegrationWithTLSEnabledHandler(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
res := resolver.NewServerResolverBuilder(newConfig(t))
registerWithGRPC(t, res)
@ -189,6 +191,8 @@ func TestNewDialer_IntegrationWithTLSEnabledHandler(t *testing.T) {
}
func TestNewDialer_IntegrationWithTLSEnabledHandler_viaMeshGateway(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
ports := freeport.MustTake(1)
defer freeport.Return(ports)

View File

@ -34,6 +34,8 @@ func testGRPCStreamingWorking(t *testing.T, config string) {
}
func TestGRPCWithTLSConfigs(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
t.Parallel()
testCases := []struct {
name string

View File

@ -405,6 +405,8 @@ func TestAPI_DefaultConfig_env(t *testing.T) {
// (environment) which has non-deterministic effects on the other tests
// which derive their default configuration from the environment
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
addr := "1.2.3.4:5678"
token := "abcd1234"
auth := "username:password"
@ -486,6 +488,8 @@ func TestAPI_DefaultConfig_env(t *testing.T) {
}
func TestAPI_SetupTLSConfig(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
t.Parallel()
// A default config should result in a clean default client config.
tlsConfig := &TLSConfig{}

26
test/CA-GENERATION.md Normal file
View File

@ -0,0 +1,26 @@
# CA certificate generation procedure
## Client certificates
if tests like `TestAPI_ClientTLSOptions` (or any other test using certificates located in `./test/client_certs` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.
``` bash
cd test/client_certs/
rm -rf *.pem *.crt *.key && ./generate.sh
```
## CA certificates
if tests like `TestAgent_ReloadConfigTLSConfigFailure` (or any other test using certificates located in `./test/ca` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.
``` bash
cd test/ca/
rm -rf *.pem *.crt *.key && ./generate.sh
```
## Hostname certificates
if tests like `TestNewDialer_WithALPNWrapper` (or any other test using certificates located in `./test/hostname` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.
``` bash
cd test/hostname/
rm -rf *.pem *.crt *.key && ./generate.sh
```

View File

@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICnDCCAkOgAwIBAgIRAOnKNzSoGq53Rq/G5tbm85swCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEWNsaWVudC5kYzEu
Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMtVdDd8tDZBaOaDFFzWD
0hTxO7soxUuz1dWaO8FGhIS07dfSBjYumEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86
iKOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
AQUFBwMBMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEJWUjlDw7H2fbRpGG8fpqCq
GEX80iDpQqXOU0wg6fEPMCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm
IdXjPfiFy8SGeKS2MC0GA1UdEQQmMCSCEWNsaWVudC5kYzEuY29uc3Vsgglsb2Nh
bGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgYAZTf8VcZ4nQl4lbm579BfXy
6YpYz/DdfkEODUBxUyYCIDXhfmxtL/gTSkIh1E+fV7H7ZmqPKgTDH1XBV2zYnj/C
MIICmjCCAkGgAwIBAgIQVDAApftts3C9eO+JONBsNTAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFjbGllbnQuZGMxLmNv
bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGF9ORXwWyUFj1bTD7GzFIvQ
U6L+eMoEiba2tD1HkKWHaDAx/I7Df3wcHmBzVaqjgMsRChjMmJ3cDDGuLt1/BHGj
gccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDATAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCAka8yiBZ22z4cNL8yjkN1DOd/b
oN7QIaohoQ6ViYI9kzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G
b9bIeY63KVL/7jAtBgNVHREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9jYWxo
b3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIE4Dl1LytCVq1CDQfflE6dpIQR0z
D8EJ0v2d8Bx1YdVWAiB6Fhj7vrjevlmKGNZzk87xNZiMNB1/C3QvmWJYPpMPNQ==
-----END CERTIFICATE-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDxDVYnUL3LCN7kSKF/ShH1c8HacmeUyU/2qJ/fo+5kDoAoGCCqGSM49
AwEHoUQDQgAEMtVdDd8tDZBaOaDFFzWD0hTxO7soxUuz1dWaO8FGhIS07dfSBjYu
mEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86iA==
MHcCAQEEIFz6x9ap6/v3Q0ZzKD8VfCXxNOlF1ELxyosxLj+yqltsoAoGCCqGSM49
AwEHoUQDQgAEYX05FfBbJQWPVtMPsbMUi9BTov54ygSJtra0PUeQpYdoMDH8jsN/
fBweYHNVqqOAyxEKGMyYndwMMa4u3X8EcQ==
-----END EC PRIVATE KEY-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINtFYGWAzcVyRRQKjadE83olH8xAwZYe5sEn4rfPtI8xoAoGCCqGSM49
AwEHoUQDQgAErHueX3t67iU5Bj7Nh53zhggnF4pLwjuDbmTDSYIe/Tbeixc2M2Nb
7cGr9/Bk9cH8exB/o2KzbQ2nxPZ+ftBTAQ==
MHcCAQEEIEULa3Bb3xemvewpjiqz57wN+WwQSw/K7jUhwiUgAQXToAoGCCqGSM49
AwEHoUQDQgAE1EENJOb0u3rmKNX7/svm4O0bXGsqZGQ+G+vHxNECsXgk4wDzi94Z
cFGIyrN8nTKJJU0j+p6YtY3P6D1K2lp9Vw==
-----END EC PRIVATE KEY-----

View File

@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC7zCCApSgAwIBAgIRAIubxOonau4Z6UJRYv5KBDMwCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yNTEwMjcyMjI3NTZaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAxODU1NzE0OTEzMzEwNDc3MzQ2
MDI0MjA3MTgyOTY1MzM0MzU0NDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASs
e55fe3ruJTkGPs2HnfOGCCcXikvCO4NuZMNJgh79Nt6LFzYzY1vtwav38GT1wfx7
EH+jYrNtDafE9n5+0FMBo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
AwEB/zApBgNVHQ4EIgQgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYw
KwYDVR0jBCQwIoAgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYwCgYI
KoZIzj0EAwIDSQAwRgIhALoE4RO8DHR4AkxmO5ostQxAYMIpiSTC9VZsWva3hHj4
AiEAijGw7bHPearXh9I2ghGE4jGJbGK4R9JHcLOq3+GE2Ng=
MIIC6zCCApGgAwIBAgIQDRLbmPude64vjjBAnHZGAjAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjYxMDMxMTQ0NTAzWjCBuDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExExMDEgU2Vjb25k
IFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAVBgNVBAoTDkhhc2hpQ29ycCBJbmMu
MT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0EgMTczNzc4NzkyNTY5MTI1NTgwMTIx
Mzk4OTk2MjY5OTEyNzM0NzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUQQ0k
5vS7euYo1fv+y+bg7RtcaypkZD4b68fE0QKxeCTjAPOL3hlwUYjKs3ydMoklTSP6
npi1jc/oPUraWn1Xo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
/zApBgNVHQ4EIgQgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wKwYD
VR0jBCQwIoAgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wCgYIKoZI
zj0EAwIDSAAwRQIhAPab5jGWHNZkbDRqhQoZrA+0D9cqfJNcCOJVEB69E3f5AiBv
tbI2DANB3S6Atg8+PsRXJxCT5R1TrbPX63udY5O5GA==
-----END CERTIFICATE-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDxDVYnUL3LCN7kSKF/ShH1c8HacmeUyU/2qJ/fo+5kDoAoGCCqGSM49
AwEHoUQDQgAEMtVdDd8tDZBaOaDFFzWD0hTxO7soxUuz1dWaO8FGhIS07dfSBjYu
mEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86iA==
MHcCAQEEIFz6x9ap6/v3Q0ZzKD8VfCXxNOlF1ELxyosxLj+yqltsoAoGCCqGSM49
AwEHoUQDQgAEYX05FfBbJQWPVtMPsbMUi9BTov54ygSJtra0PUeQpYdoMDH8jsN/
fBweYHNVqqOAyxEKGMyYndwMMa4u3X8EcQ==
-----END EC PRIVATE KEY-----

View File

@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICnDCCAkOgAwIBAgIRAOnKNzSoGq53Rq/G5tbm85swCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEWNsaWVudC5kYzEu
Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMtVdDd8tDZBaOaDFFzWD
0hTxO7soxUuz1dWaO8FGhIS07dfSBjYumEOgfNtfOzAILvkBd4gS8DrQZ2Rbks86
iKOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
AQUFBwMBMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEJWUjlDw7H2fbRpGG8fpqCq
GEX80iDpQqXOU0wg6fEPMCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm
IdXjPfiFy8SGeKS2MC0GA1UdEQQmMCSCEWNsaWVudC5kYzEuY29uc3Vsgglsb2Nh
bGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgYAZTf8VcZ4nQl4lbm579BfXy
6YpYz/DdfkEODUBxUyYCIDXhfmxtL/gTSkIh1E+fV7H7ZmqPKgTDH1XBV2zYnj/C
MIICmjCCAkGgAwIBAgIQVDAApftts3C9eO+JONBsNTAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFjbGllbnQuZGMxLmNv
bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGF9ORXwWyUFj1bTD7GzFIvQ
U6L+eMoEiba2tD1HkKWHaDAx/I7Df3wcHmBzVaqjgMsRChjMmJ3cDDGuLt1/BHGj
gccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDATAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCAka8yiBZ22z4cNL8yjkN1DOd/b
oN7QIaohoQ6ViYI9kzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G
b9bIeY63KVL/7jAtBgNVHREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9jYWxo
b3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIE4Dl1LytCVq1CDQfflE6dpIQR0z
D8EJ0v2d8Bx1YdVWAiB6Fhj7vrjevlmKGNZzk87xNZiMNB1/C3QvmWJYPpMPNQ==
-----END CERTIFICATE-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICYdaRvHDtbGbReTekgKf9uyKFEnR7kr7VU3kw3uGzAhoAoGCCqGSM49
AwEHoUQDQgAE0etZvg/aUTU+HPwDHtEwZslBuEshwHl7AcERHQeFTuhtfjpwHQw+
uTunFkmQoqNmE+n7P4v7fe771lpxif8VwA==
MHcCAQEEIGYeUPTLPIffkIx9mAmw5stoepPHQz6hxtuwJdv2y+fvoAoGCCqGSM49
AwEHoUQDQgAEuZ7Iacvo0TN8oB5JkSw8xvm9QC0Q6DROqE/V46XYM+1PvwhPiyoJ
ZIt2zTYATwV5Z7gIvnW1BEoGtNAt4f8pZg==
-----END EC PRIVATE KEY-----

View File

@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICxjCCAmugAwIBAgIRAOKZmO0GuFJUOfJ7Ycf0WOEwCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu
Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0etZvg/aUTU+HPwDHtEw
ZslBuEshwHl7AcERHQeFTuhtfjpwHQw+uTunFkmQoqNmE+n7P4v7fe771lpxif8V
wKOB7zCB7DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEA1xxAYluRqg6wFwGu75o/5
8Ty6FWR9RgIYvZzCM2N9MCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm
IdXjPfiFy8SGeKS2MFUGA1UdEQROMEyCC2NvbnN1bC50ZXN0ghlzZXJ2ZXIwLnNl
cnZlci5kYzEuY29uc3VsghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxob3N0hwR/
AAABMAoGCCqGSM49BAMCA0kAMEYCIQDz9YnCvKkgGqw5M0HLDI82rqwQsH2SRQUs
kogKi3oGmQIhAPBA5AgF3y1E94PbeYfvoDBJy1JiY3KsckY2Gz+M8Iyc
MIICwzCCAmmgAwIBAgIQLMLWUI6B0ebm1Ii/WuRZ8DAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv
bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmeyGnL6NEzfKAeSZEsPMb5
vUAtEOg0TqhP1eOl2DPtT78IT4sqCWSLds02AE8FeWe4CL51tQRKBrTQLeH/KWaj
ge8wgewwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCg/S6k7agUE+aei8EyDz0c76Oo
rvZaXkQwVwFzjPSsRzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G
b9bIeY63KVL/7jBVBgNVHREETjBMggtjb25zdWwudGVzdIIZc2VydmVyMC5zZXJ2
ZXIuZGMxLmNvbnN1bIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2FsaG9zdIcEfwAA
ATAKBggqhkjOPQQDAgNIADBFAiAREeH2p06CtuScx/d9iBrA4cLJgDzjyeHJBbDH
ETHRxgIhAIzsPAVVnbuMx1+R/VWh9EWAOGvI1V/sKWqFdID8Krdp
-----END CERTIFICATE-----

View File

@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC7zCCApSgAwIBAgIRAIubxOonau4Z6UJRYv5KBDMwCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yNTEwMjcyMjI3NTZaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAxODU1NzE0OTEzMzEwNDc3MzQ2
MDI0MjA3MTgyOTY1MzM0MzU0NDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASs
e55fe3ruJTkGPs2HnfOGCCcXikvCO4NuZMNJgh79Nt6LFzYzY1vtwav38GT1wfx7
EH+jYrNtDafE9n5+0FMBo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
AwEB/zApBgNVHQ4EIgQgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYw
KwYDVR0jBCQwIoAgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYwCgYI
KoZIzj0EAwIDSQAwRgIhALoE4RO8DHR4AkxmO5ostQxAYMIpiSTC9VZsWva3hHj4
AiEAijGw7bHPearXh9I2ghGE4jGJbGK4R9JHcLOq3+GE2Ng=
MIIC6zCCApGgAwIBAgIQDRLbmPude64vjjBAnHZGAjAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjYxMDMxMTQ0NTAzWjCBuDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExExMDEgU2Vjb25k
IFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAVBgNVBAoTDkhhc2hpQ29ycCBJbmMu
MT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0EgMTczNzc4NzkyNTY5MTI1NTgwMTIx
Mzk4OTk2MjY5OTEyNzM0NzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUQQ0k
5vS7euYo1fv+y+bg7RtcaypkZD4b68fE0QKxeCTjAPOL3hlwUYjKs3ydMoklTSP6
npi1jc/oPUraWn1Xo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
/zApBgNVHQ4EIgQgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wKwYD
VR0jBCQwIoAgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wCgYIKoZI
zj0EAwIDSAAwRQIhAPab5jGWHNZkbDRqhQoZrA+0D9cqfJNcCOJVEB69E3f5AiBv
tbI2DANB3S6Atg8+PsRXJxCT5R1TrbPX63udY5O5GA==
-----END CERTIFICATE-----

View File

@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC7zCCApSgAwIBAgIRAIubxOonau4Z6UJRYv5KBDMwCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yNTEwMjcyMjI3NTZaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAxODU1NzE0OTEzMzEwNDc3MzQ2
MDI0MjA3MTgyOTY1MzM0MzU0NDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASs
e55fe3ruJTkGPs2HnfOGCCcXikvCO4NuZMNJgh79Nt6LFzYzY1vtwav38GT1wfx7
EH+jYrNtDafE9n5+0FMBo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
AwEB/zApBgNVHQ4EIgQgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYw
KwYDVR0jBCQwIoAgC7613rQP8SvteO3KDQHpd+V8piYh1eM9+IXLxIZ4pLYwCgYI
KoZIzj0EAwIDSQAwRgIhALoE4RO8DHR4AkxmO5ostQxAYMIpiSTC9VZsWva3hHj4
AiEAijGw7bHPearXh9I2ghGE4jGJbGK4R9JHcLOq3+GE2Ng=
MIIC6zCCApGgAwIBAgIQDRLbmPude64vjjBAnHZGAjAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjYxMDMxMTQ0NTAzWjCBuDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExExMDEgU2Vjb25k
IFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAVBgNVBAoTDkhhc2hpQ29ycCBJbmMu
MT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0EgMTczNzc4NzkyNTY5MTI1NTgwMTIx
Mzk4OTk2MjY5OTEyNzM0NzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUQQ0k
5vS7euYo1fv+y+bg7RtcaypkZD4b68fE0QKxeCTjAPOL3hlwUYjKs3ydMoklTSP6
npi1jc/oPUraWn1Xo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
/zApBgNVHQ4EIgQgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wKwYD
VR0jBCQwIoAgDZ4Q5etK5EIZw442cD4AgtufKAuvBm/WyHmOtylS/+4wCgYIKoZI
zj0EAwIDSAAwRQIhAPab5jGWHNZkbDRqhQoZrA+0D9cqfJNcCOJVEB69E3f5AiBv
tbI2DANB3S6Atg8+PsRXJxCT5R1TrbPX63udY5O5GA==
-----END CERTIFICATE-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINtFYGWAzcVyRRQKjadE83olH8xAwZYe5sEn4rfPtI8xoAoGCCqGSM49
AwEHoUQDQgAErHueX3t67iU5Bj7Nh53zhggnF4pLwjuDbmTDSYIe/Tbeixc2M2Nb
7cGr9/Bk9cH8exB/o2KzbQ2nxPZ+ftBTAQ==
MHcCAQEEIEULa3Bb3xemvewpjiqz57wN+WwQSw/K7jUhwiUgAQXToAoGCCqGSM49
AwEHoUQDQgAE1EENJOb0u3rmKNX7/svm4O0bXGsqZGQ+G+vHxNECsXgk4wDzi94Z
cFGIyrN8nTKJJU0j+p6YtY3P6D1K2lp9Vw==
-----END EC PRIVATE KEY-----

View File

@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICxjCCAmugAwIBAgIRAOKZmO0GuFJUOfJ7Ycf0WOEwCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDE4NTU3MTQ5MTMzMTA0NzczNDYwMjQyMDcxODI5NjUzMzQzNTQ0MzAeFw0yMDEw
MjgyMjI3NTZaFw0yMTEwMjgyMjI3NTZaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu
Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0etZvg/aUTU+HPwDHtEw
ZslBuEshwHl7AcERHQeFTuhtfjpwHQw+uTunFkmQoqNmE+n7P4v7fe771lpxif8V
wKOB7zCB7DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIEA1xxAYluRqg6wFwGu75o/5
8Ty6FWR9RgIYvZzCM2N9MCsGA1UdIwQkMCKAIAu+td60D/Er7Xjtyg0B6XflfKYm
IdXjPfiFy8SGeKS2MFUGA1UdEQROMEyCC2NvbnN1bC50ZXN0ghlzZXJ2ZXIwLnNl
cnZlci5kYzEuY29uc3VsghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxob3N0hwR/
AAABMAoGCCqGSM49BAMCA0kAMEYCIQDz9YnCvKkgGqw5M0HLDI82rqwQsH2SRQUs
kogKi3oGmQIhAPBA5AgF3y1E94PbeYfvoDBJy1JiY3KsckY2Gz+M8Iyc
MIICwzCCAmmgAwIBAgIQLMLWUI6B0ebm1Ii/WuRZ8DAKBggqhkjOPQQDAjCBuDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg
MTczNzc4NzkyNTY5MTI1NTgwMTIxMzk4OTk2MjY5OTEyNzM0NzQwHhcNMjExMTAx
MTQ0NTAzWhcNMjIxMTAxMTQ0NTAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv
bnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmeyGnL6NEzfKAeSZEsPMb5
vUAtEOg0TqhP1eOl2DPtT78IT4sqCWSLds02AE8FeWe4CL51tQRKBrTQLeH/KWaj
ge8wgewwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCg/S6k7agUE+aei8EyDz0c76Oo
rvZaXkQwVwFzjPSsRzArBgNVHSMEJDAigCANnhDl60rkQhnDjjZwPgCC258oC68G
b9bIeY63KVL/7jBVBgNVHREETjBMggtjb25zdWwudGVzdIIZc2VydmVyMC5zZXJ2
ZXIuZGMxLmNvbnN1bIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2FsaG9zdIcEfwAA
ATAKBggqhkjOPQQDAgNIADBFAiAREeH2p06CtuScx/d9iBrA4cLJgDzjyeHJBbDH
ETHRxgIhAIzsPAVVnbuMx1+R/VWh9EWAOGvI1V/sKWqFdID8Krdp
-----END CERTIFICATE-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICYdaRvHDtbGbReTekgKf9uyKFEnR7kr7VU3kw3uGzAhoAoGCCqGSM49
AwEHoUQDQgAE0etZvg/aUTU+HPwDHtEwZslBuEshwHl7AcERHQeFTuhtfjpwHQw+
uTunFkmQoqNmE+n7P4v7fe771lpxif8VwA==
MHcCAQEEIGYeUPTLPIffkIx9mAmw5stoepPHQz6hxtuwJdv2y+fvoAoGCCqGSM49
AwEHoUQDQgAEuZ7Iacvo0TN8oB5JkSw8xvm9QC0Q6DROqE/V46XYM+1PvwhPiyoJ
ZIt2zTYATwV5Z7gIvnW1BEoGtNAt4f8pZg==
-----END EC PRIVATE KEY-----

View File

@ -72,6 +72,8 @@ func startTLSServer(config *Config, alpnProtos []string, doAlpnVariant bool) (ne
}
func TestConfigurator_outgoingWrapper_OK(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
config := Config{
CAFile: "../test/hostname/CertAuth.crt",
CertFile: "../test/hostname/Alice.crt",
@ -103,6 +105,8 @@ func TestConfigurator_outgoingWrapper_OK(t *testing.T) {
}
func TestConfigurator_outgoingWrapper_noverify_OK(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
config := Config{
VerifyOutgoing: true,
CAFile: "../test/hostname/CertAuth.crt",
@ -133,6 +137,8 @@ func TestConfigurator_outgoingWrapper_noverify_OK(t *testing.T) {
}
func TestConfigurator_outgoingWrapper_BadDC(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
config := Config{
CAFile: "../test/hostname/CertAuth.crt",
CertFile: "../test/hostname/Alice.crt",
@ -194,6 +200,8 @@ func TestConfigurator_outgoingWrapper_BadCert(t *testing.T) {
}
func TestConfigurator_outgoingWrapperALPN_OK(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
config := Config{
CAFile: "../test/hostname/CertAuth.crt",
CertFile: "../test/hostname/Bob.crt",
@ -226,6 +234,8 @@ func TestConfigurator_outgoingWrapperALPN_OK(t *testing.T) {
}
func TestConfigurator_outgoingWrapperALPN_serverHasNoNodeNameInSAN(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
srvConfig := Config{
CAFile: "../test/hostname/CertAuth.crt",
CertFile: "../test/hostname/Alice.crt",
@ -264,6 +274,8 @@ func TestConfigurator_outgoingWrapperALPN_serverHasNoNodeNameInSAN(t *testing.T)
}
func TestConfigurator_outgoingWrapperALPN_BadDC(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
config := Config{
CAFile: "../test/hostname/CertAuth.crt",
CertFile: "../test/hostname/Bob.crt",
@ -761,6 +773,8 @@ func TestConfigurator_OutgoingRPCTLSDisabled(t *testing.T) {
}
func TestConfigurator_MutualTLSCapable(t *testing.T) {
// if this test is failing because of expired certificates
// use the procedure in test/CA-GENERATION.md
t.Run("no ca", func(t *testing.T) {
config := Config{
Domain: "consul",