aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2024-06-13 15:54:11 +0200
committerGuilhem Moulin <guilhem@fripost.org>2024-06-13 17:38:40 +0200
commit98e4397f5330245cb7f8a21054ab078c4d0bba82 (patch)
tree7dcfe835ee6b3f97e8e3db223c8c8340a4e243f1
parent83f4cabd85c240cd0f13fdd4c88266648eb0a90c (diff)
Fix test suite.
Since we don't pin staging intermediate certificates anymore we drop the test where the CA bundle contains only intermediates.
-rw-r--r--tests/cert-verify22
-rw-r--r--tests/old-lacme9
2 files changed, 10 insertions, 21 deletions
diff --git a/tests/cert-verify b/tests/cert-verify
index 4d254c6..a6cd336 100644
--- a/tests/cert-verify
+++ b/tests/cert-verify
@@ -8,31 +8,19 @@ for ca in /usr/share/lacme/letsencrypt-stg-root-*.pem; do
done
update-ca-certificates
-# test (modified) trust store for intermediate certificates
-openssl verify -no-CAfile -CApath /etc/ssl/certs -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem
-openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem
+# test (modified) trust store
+openssl verify -no-CAfile -CApath /etc/ssl/certs -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem
+openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem
mv /usr/share/lacme/ca-certificates.crt /usr/share/lacme/ca-certificates.crt.back
! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "Could not open file or uri for loading certs of trusted certificates from /usr/share/lacme/ca-certificates.crt"
+grepstderr -Fq "Could not open file or uri for loading trusted certificates from /usr/share/lacme/ca-certificates.crt:"
grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
# verification error for unrelated CA bundle
cat /etc/ssl/certs/ssl-cert-snakeoil.pem >/usr/share/lacme/ca-certificates.crt
! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate"
-grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
-
-# verification error when the CA bundle contains only the root certificates
-cat /usr/share/lacme/letsencrypt-stg-root-*.pem >/usr/share/lacme/ca-certificates.crt
-! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate"
-grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
-
-# verification error when the CA bundle contains only the intermediate certificates
-cat /usr/share/lacme/letsencrypt-stg-int-*.pem >/usr/share/lacme/ca-certificates.crt
-! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 2 at 1 depth lookup: unable to get issuer certificate"
+grepstderr -Fxq "error 20 at 1 depth lookup: unable to get local issuer certificate"
grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
# use saved bundle as custom CAfile
diff --git a/tests/old-lacme b/tests/old-lacme
index b1c9f88..278a705 100644
--- a/tests/old-lacme
+++ b/tests/old-lacme
@@ -1,5 +1,6 @@
-# IPC test between recent lacme-accountd(1) and ancient lacme(8) 0.5 from Debian buster
-# (we don't try earlier versions as we need v2 support of the ACME API)
+# IPC test between recent lacme-accountd(1) and ancient lacme(8) 0.8 from Debian Bullseye
+# (we don't try earlier versions as we need v2 support of the ACME API
+# and non-pinned intermediates)
adduser --disabled-password \
--home /home/lacme-account \
@@ -14,12 +15,12 @@ cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF
privkey = file:/etc/lacme/account.key
EOF
-echo "deb http://deb.debian.org/debian buster main" >>/etc/apt/sources.list
+echo "deb http://deb.debian.org/debian bullseye main" >>/etc/apt/sources.list
DEBIAN_FRONTEND="noninteractive" apt update
DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends \
--reinstall --allow-downgrades \
-oDPkg::Options::="--force-confdef" -oDPkg::Options::="--force-overwrite" \
- lacme/buster
+ lacme/bullseye
# restore staging environment
mv -f /usr/share/lacme/ca-certificates.crt.back /usr/share/lacme/ca-certificates.crt