test suite: always generate new certificates on `make test`.

In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later.

1 files changed, 5 insertions, 5 deletions

diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t
index 35c7c8d..9b676a6 100644
--- a/tests/tls-verify-peer/t
+++ b/tests/tls-verify-peer/t
@@ -28,9 +28,9 @@ verified_peer() {
 }
 
 # backup config
-install -m0600 "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~"
+install -m0600 -- "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~"
 with_remote_config() {
-    install -m0600 "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config"
+    install -m0600 -- "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config"
     cat >>"$XDG_CONFIG_HOME/interimap/config"
 }
 
@@ -53,12 +53,12 @@ capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX)
 
 step_start "SSL_CAfile"
 if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then
-    # our self-signed test cert should not be in there
+    # our fake root CA should not be in there
     with_remote_config <<<"SSL_CAfile = /etc/ssl/certs/ca-certificates.crt"
     unverified_peer
 fi
 
-doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert >"$capath/ca-certificates.crt"
+cp -T -- ~/.dovecot/conf.d/ca.crt "$capath/ca-certificates.crt"
 with_remote_config <<<"SSL_CAfile = $capath/ca-certificates.crt"
 verified_peer
 step_done
@@ -66,7 +66,7 @@ step_done
 
 step_start "SSL_CApath"
 if [ -d "/etc/ssl/certs" ]; then
-    # our self-signed test cert should not be in there
+    # our fake root CA should not be in there
     with_remote_config <<<"SSL_CApath = /etc/ssl/certs"
     unverified_peer
 fi