path: root/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch
blob: 063217abc3f106bd62a80aa922beffa206a89bbd (plain)
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 13 Jun 2024 15:54:11 +0200
Subject: Adjust test suite against current Let's Encrypt staging environment

Origin: https://git.guilhem.org/lacme/commit/?id=cb0b301e7a62a71d9e4454f9f7af5358c857c48c
Origin: https://git.guilhem.org/lacme/commit/?id=f84716c064312dd9dc0d149f0ec7a12f5c88c3af
Origin: https://git.guilhem.org/lacme/commit/?id=a41444b8b1fe5349a4a33c45f1e96036845609bb
Origin: https://git.guilhem.org/lacme/commit/?id=98e4397f5330245cb7f8a21054ab078c4d0bba82
---
 tests/account-encrypted-gpg     |  2 +-
 tests/account-encrypted-openssl |  1 +
 tests/accountd                  |  1 +
 tests/accountd-kid              |  4 +++-
 tests/cert-install              |  2 +-
 tests/cert-revoke               |  4 ++--
 tests/cert-verify               | 20 ++++----------------
 tests/old-accountd              |  1 +
 tests/old-lacme                 |  1 +
 9 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/tests/account-encrypted-gpg b/tests/account-encrypted-gpg
index fd1e4ac..7cb978d 100644
--- a/tests/account-encrypted-gpg
+++ b/tests/account-encrypted-gpg
@@ -9,7 +9,7 @@ keyid="$(gpg --list-secret-key --with-colons | grep -m1 ^fpr: | cut -sd: -f10)"
 gpg --encrypt -r "$keyid" /etc/lacme/account.key
 sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = gpg:/etc/lacme/account.key.gpg|}' /etc/lacme/lacme-accountd.conf
 
-export GPG_TTY="$(tty)"
+export GPG_TTY="$(tty)" TERM="linux"
 lacme account
 
 # vim: set filetype=sh :
diff --git a/tests/account-encrypted-openssl b/tests/account-encrypted-openssl
index e79a528..a3ad707 100644
--- a/tests/account-encrypted-openssl
+++ b/tests/account-encrypted-openssl
@@ -5,6 +5,7 @@ PASSPHRASE="test"
 openssl rsa -aes128 -passout pass:"$PASSPHRASE" </etc/lacme/account.key >/etc/lacme/account.enc.key
 sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = file:/etc/lacme/account.enc.key|}' /etc/lacme/lacme-accountd.conf
 
+export TERM="linux"
 lacme account
 
 # vim: set filetype=sh :
diff --git a/tests/accountd b/tests/accountd
index a603c16..d204b9c 100644
--- a/tests/accountd
+++ b/tests/accountd
@@ -65,6 +65,7 @@ grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log
 # rotate the log and start accountd
 rm -f ~lacme-account/.local/share/lacme/accountd.log
 runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
+sleep 1
 
 # run lacme(8) multiple times using that single lacme-accountd(1) instance
 lacme --socket="$SOCKET" --debug account 2>"$STDERR" || fail
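Review bot: The added `sleep 1` after starting `lacme-accountd` in the background is a timing guess rather than a readiness check: on a slow or loaded test host the socket may still be missing when `lacme --socket="$SOCKET"` runs, and if the daemon failed to start the test only finds out through a less direct client error. A bounded poll would be deterministic, e.g. `for i in $(seq 1 50); do [ -S "$SOCKET" ] && break; sleep 0.1; done` followed by `[ -S "$SOCKET" ] || fail`; this assumes the daemon accepts connections once the socket file exists, which is not visible here. The same `sleep 1` is added in the first two hunks of tests/accountd-kid and in tests/old-accountd and tests/old-lacme, so a small shared helper would cover all of them.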
diff --git a/tests/accountd-kid b/tests/accountd-kid
index e1bd63d..28f1c3c 100644
--- a/tests/accountd-kid
+++ b/tests/accountd-kid
@@ -23,6 +23,7 @@ EOF
 
 SOCKET=~lacme-account/S.lacme
 runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
+sleep 1
 
 # newAccount resource fails as per RFC 8555 sec. 6.2 it requires a JWK
 ! lacme --socket="$SOCKET" account 2>"$STDERR" || fail
@@ -37,6 +38,7 @@ wait
 
 rm ~lacme-account/.local/share/lacme/accountd.log
 runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
+sleep 1
 
 # newOrder works fine without JWK
 lacme --socket="$SOCKET" newOrder
@@ -46,7 +48,7 @@ test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
 lacme --socket="$SOCKET" revokeCert /etc/lacme/simpletest.rsa.crt
 ! lacme --socket="$SOCKET" revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
 grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
-grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
+grepstderr -Fq "400 Bad Request (unable to revoke"
 grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
 
 kill $PID
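Review bot: Dropping `-x` and matching only the prefix `400 Bad Request (unable to revoke` means the second `revokeCert` assertion now passes for any revocation failure the server words that way, not only for a certificate that is already revoked. If the staging server's detail text still names the already-revoked condition after that prefix, a second `grepstderr -Fq` on that fragment would keep the check specific. Otherwise a comment such as `# staging no longer returns a fixed detail string; match the stable prefix only` would record why the match was loosened. The same replacement appears in both hunks of tests/cert-revoke.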
diff --git a/tests/cert-install b/tests/cert-install
index 69faae4..dfb882a 100644
--- a/tests/cert-install
+++ b/tests/cert-install
@@ -79,7 +79,7 @@ check_chain() {
 
 # 'certificate' installs only the leaf certificate
 openssl genpkey -algorithm RSA -out /etc/lacme/test1.key
-subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME"
+subject="/CN=$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME"
 cat >"/etc/lacme/lacme-certs.conf.d/test1.conf" <<- EOF
 	[test1]
 	certificate-key = /etc/lacme/test1.key
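Review bot: The `subject=` line now lower-cases the random label, but nothing next to it says why, and `tr "A-Z" "a-z"` relies on range handling that can vary with the locale. A comment like `# lower-case the random label; the staging server presumably no longer accepts upper-case names (confirm against the upstream commit)` together with `tr '[:upper:]' '[:lower:]'` would make both the intent and the behaviour explicit. The here-document that starts after this line continues past the end of the hunk.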
diff --git a/tests/cert-revoke b/tests/cert-revoke
index f3d585e..179ccba 100644
--- a/tests/cert-revoke
+++ b/tests/cert-revoke
@@ -18,7 +18,7 @@ test /etc/lacme/simpletest.ecdsa.crt -nt /etc/lacme/simpletest.ecdsa.key
 lacme revokeCert /etc/lacme/simpletest.ecdsa.crt
 ! lacme revokeCert /etc/lacme/simpletest.ecdsa.crt 2>"$STDERR" || fail
 grepstderr -Fxq "Revoking /etc/lacme/simpletest.ecdsa.crt"
-grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
+grepstderr -Fq "400 Bad Request (unable to revoke"
 grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.ecdsa.crt"
 
 # and the RSA certificate using the service key
@@ -26,7 +26,7 @@ mv -vfT /etc/lacme/simpletest.rsa.key /etc/lacme/account.key
 lacme revokeCert /etc/lacme/simpletest.rsa.crt
 ! lacme revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
 grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
-grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
+grepstderr -Fq "400 Bad Request (unable to revoke"
 grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
 
 # vim: set filetype=sh :
diff --git a/tests/cert-verify b/tests/cert-verify
index 49629f2..7d27c98 100644
--- a/tests/cert-verify
+++ b/tests/cert-verify
@@ -8,9 +8,9 @@ for ca in /usr/share/lacme/letsencrypt-stg-root-*.pem; do
 done
 update-ca-certificates
 
-# test (modified) trust store for intermediate certificates
-openssl verify -no-CAfile -CApath /etc/ssl/certs                     -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem
-openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem
+# test (modified) trust store
+openssl verify -no-CAfile -CApath /etc/ssl/certs                     -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem
+openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem
 
 mv /usr/share/lacme/ca-certificates.crt /usr/share/lacme/ca-certificates.crt.back
 ! lacme newOrder 2>"$STDERR" || fail
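Review bot: The two `openssl verify` calls now check only `letsencrypt-stg-root-x1.pem`, while the loop at the top of the file iterates over every `letsencrypt-stg-root-*.pem`. If more than one staging root is shipped and installed by that loop, the others are no longer confirmed to be present in the modified trust store. Using the same glob in both calls, `/usr/share/lacme/letsencrypt-stg-root-*.pem`, would keep the check aligned with the loop. The loop body is outside the hunk, so what it does with each file is inferred.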
@@ -20,19 +20,7 @@ grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from
 # verification error for unrelated CA bundle
 cat /etc/ssl/certs/ssl-cert-snakeoil.pem >/usr/share/lacme/ca-certificates.crt
 ! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate"
-grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
-
-# verification error when the CA bundle contains only the root certificates
-cat /usr/share/lacme/letsencrypt-stg-root-*.pem >/usr/share/lacme/ca-certificates.crt
-! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate"
-grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
-
-# verification error when the CA bundle contains only the intermediate certificates
-cat /usr/share/lacme/letsencrypt-stg-int-*.pem >/usr/share/lacme/ca-certificates.crt
-! lacme newOrder 2>"$STDERR" || fail
-grepstderr -Fxq "error 2 at 1 depth lookup: unable to get issuer certificate"
+grepstderr -Fxq "error 20 at 1 depth lookup: unable to get local issuer certificate"
 grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
 
 # use saved bundle as custom CAfile
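Review bot: The remaining negative case pins the exact OpenSSL text `error 20 at 1 depth lookup: unable to get local issuer certificate` with `-Fxq`, so the test depends on how many certificates the staging server puts in the chain, which appears to be what changed here (depth 0 to depth 1). The security-relevant assertions are the non-zero exit of `lacme newOrder` and the `Received invalid X.509 certificate from ACME server!` line. A comment such as `# depth reflects the chain currently served by staging` would explain the next failure to whoever sees it. With the root-only and intermediate-only bundle cases removed, the unrelated-CA bundle is the only wrong-bundle case left in this hunk.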
diff --git a/tests/old-accountd b/tests/old-accountd
index b44f7ec..abd330d 100644
--- a/tests/old-accountd
+++ b/tests/old-accountd
@@ -21,6 +21,7 @@ DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends \
 
 SOCKET=~lacme-account/S.lacme
 runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" & PID=$!
+sleep 1
 lacme --socket="$SOCKET" account
 lacme --socket="$SOCKET" newOrder
 
diff --git a/tests/old-lacme b/tests/old-lacme
index fa7d827..b1c9f88 100644
--- a/tests/old-lacme
+++ b/tests/old-lacme
@@ -26,6 +26,7 @@ mv -f /usr/share/lacme/ca-certificates.crt.back /usr/share/lacme/ca-certificates
 
 SOCKET=~lacme-account/S.lacme
 runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" & PID=$!
+sleep 1
 sed -ri "s/^\[accountd]$/#&/" /etc/lacme/lacme.conf # https://bugs.debian.org/955767
 lacme --socket="$SOCKET" account
 lacme --socket="$SOCKET" newOrder