Issue Description
=================================== FAILURES ===================================
_____________________ test_tls_command_returns_error_text ______________________
self = <lib389.nss_ssl.NssSsl object at 0x7fb7eb9333e0>
input_key = '/etc/dirsrv/slapd-standalone1/dse.ldif'
input_cert = '/etc/dirsrv/slapd-standalone1/dse.ldif'
def add_server_key_and_cert(self, input_key, input_cert):
if not os.path.exists(input_key):
raise ValueError("The key file ({}) does not exist".format(input_key))
if not os.path.exists(input_cert):
raise ValueError("The cert file ({}) does not exist".format(input_cert))
self.log.debug(f"Importing key and cert -> {input_key}, {input_cert}")
p12_bundle = "%s/temp_server_key_cert.p12" % self._certdb
# Remove the p12 if it exists
if os.path.exists(p12_bundle):
os.remove(p12_bundle)
# Transform to p12
cmd = [
'openssl',
'pkcs12',
'-export',
'-in', input_cert,
'-inkey', input_key,
'-out', p12_bundle,
'-name', CERT_NAME,
'-passout', 'pass:',
'-aes128'
]
self.log.debug("nss cmd: %s", format_cmd_list(cmd))
try:
> check_output(cmd, stderr=subprocess.STDOUT)
/usr/lib/python3.12/site-packages/lib389/nss_ssl.py:1235:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.12/subprocess.py:466: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
input = None, capture_output = False, timeout = None, check = True
popenargs = (['openssl', 'pkcs12', '-export', '-in', '/etc/dirsrv/slapd-standalone1/dse.ldif', '-inkey', ...],)
kwargs = {'stderr': -2, 'stdout': -1}
2. Success
3. Success
4. Success
5. Success
"""
# dsctl localhost tls generate-server-cert-csr -s "bad"
tls = NssSsl(dirsrv=topo.standalone)
try:
tls.create_rsa_key_and_csr([], "bad")
assert False
except ValueError as e:
assert '255' not in str(e)
assert 'improperly formatted name' in str(e)
# dsctl localhost tls remove-cert
try:
tls.del_cert("bad")
assert False
except ValueError as e:
assert '255' not in str(e)
assert 'could not find certificate named' in str(e)
# dsctl localhost tls import-ca
try:
invalid_file = topo.standalone.confdir + '/dse.ldif'
tls.add_cert(nickname="bad", input_file=invalid_file)
assert False
except ValueError as e:
assert '255' not in str(e)
assert 'Unable to load PEM file' in str(e)
# dsctl localhost tls import-server-cert
try:
invalid_file = topo.standalone.confdir + '/dse.ldif'
tls.import_rsa_crt(crt=invalid_file)
assert False
except ValueError as e:
assert '255' not in str(e)
assert 'error converting ascii to binary' in str(e)
# dsctl localhost tls import-server-key-cert
try:
invalid_file = topo.standalone.confdir + '/dse.ldif'
tls.add_server_key_and_cert(invalid_file, invalid_file)
assert False
except ValueError as e:
assert '255' not in str(e)
if 'OpenSSL 3' in ssl.OPENSSL_VERSION:
> assert 'Could not read private key from' in str(e)
E AssertionError: assert 'Could not read private key from' in 'Warning: output encryption option -aes128 ignored with -export\nCould not find private key from -inkey file from /etc/dirsrv/slapd-standalone1/dse.ldif'
E + where 'Warning: output encryption option -aes128 ignored with -export\nCould not find private key from -inkey file from /etc/dirsrv/slapd-standalone1/dse.ldif' = str(ValueError('Warning: output encryption option -aes128 ignored with -export\nCould not find private key from -inkey file from /etc/dirsrv/slapd-standalone1/dse.ldif'))
dirsrvtests/tests/suites/clu/dsctl_tls_test.py:82: AssertionError