diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-10 14:34:48 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-11 11:20:41 +0100 |
commit | 26e5c04abfb81bdcbd4d89d9f9329b8433920b26 (patch) | |
tree | e73554f83d12471c55834be114bcd186885c2043 /tests/tls-verify-peer | |
parent | 17b263c49df682fc45f0e50cceb01db4366ad9a7 (diff) |
test suite: always generate new certificates on `make test`.
In addition, sign test certificates with the same root CA. Hence
running `make test` now requires OpenSSL 1.1.1 or later.
Diffstat (limited to 'tests/tls-verify-peer')
-rw-r--r-- | tests/tls-verify-peer/t | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t index 35c7c8d..9b676a6 100644 --- a/tests/tls-verify-peer/t +++ b/tests/tls-verify-peer/t @@ -28,9 +28,9 @@ verified_peer() { } # backup config -install -m0600 "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~" +install -m0600 -- "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~" with_remote_config() { - install -m0600 "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config" + install -m0600 -- "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config" cat >>"$XDG_CONFIG_HOME/interimap/config" } @@ -53,12 +53,12 @@ capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX) step_start "SSL_CAfile" if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then - # our self-signed test cert should not be in there + # our fake root CA should not be in there with_remote_config <<<"SSL_CAfile = /etc/ssl/certs/ca-certificates.crt" unverified_peer fi -doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert >"$capath/ca-certificates.crt" +cp -T -- ~/.dovecot/conf.d/ca.crt "$capath/ca-certificates.crt" with_remote_config <<<"SSL_CAfile = $capath/ca-certificates.crt" verified_peer step_done @@ -66,7 +66,7 @@ step_done step_start "SSL_CApath" if [ -d "/etc/ssl/certs" ]; then - # our self-signed test cert should not be in there + # our fake root CA should not be in there with_remote_config <<<"SSL_CApath = /etc/ssl/certs" unverified_peer fi |