From 26e5c04abfb81bdcbd4d89d9f9329b8433920b26 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 14:34:48 +0100 Subject: test suite: always generate new certificates on `make test`. In addition, sign test certificates with the same root CA. Hence running `make test` now requires OpenSSL 1.1.1 or later. --- tests/tls-verify-peer/t | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'tests/tls-verify-peer') diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t index 35c7c8d..9b676a6 100644 --- a/tests/tls-verify-peer/t +++ b/tests/tls-verify-peer/t @@ -28,9 +28,9 @@ verified_peer() { } # backup config -install -m0600 "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~" +install -m0600 -- "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~" with_remote_config() { - install -m0600 "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config" + install -m0600 -- "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config" cat >>"$XDG_CONFIG_HOME/interimap/config" } @@ -53,12 +53,12 @@ capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX) step_start "SSL_CAfile" if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then - # our self-signed test cert should not be in there + # our fake root CA should not be in there with_remote_config <<<"SSL_CAfile = /etc/ssl/certs/ca-certificates.crt" unverified_peer fi -doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert >"$capath/ca-certificates.crt" +cp -T -- ~/.dovecot/conf.d/ca.crt "$capath/ca-certificates.crt" with_remote_config <<<"SSL_CAfile = $capath/ca-certificates.crt" verified_peer step_done @@ -66,7 +66,7 @@ step_done step_start "SSL_CApath" if [ -d "/etc/ssl/certs" ]; then - # our self-signed test cert should not be in there + # our fake root CA should not be in there with_remote_config <<<"SSL_CApath = /etc/ssl/certs" unverified_peer fi -- cgit v1.2.3