Skip to content

Make the SSL tests run #1110

Merged
merged 1 commit into from Feb 1, 2014

2 participants

@kinnison

This patch adds an SSL key set for use during tests and causes the SSL tests to
be run if the server was built with OPENSSL support. In addition we fix the
TLS port to be bound to 127.0.0.1 which fixes 073's behaviour in SSL mode on an
IPv6 enabled host.

Signed-Off-By: Daniel Silverstone dsilvers@digital-scurf.org

@kinnison

Overall, this makes the SSL tests pass on Wheezy in full which is worth enabling so everyone checks :-)

@skinkie
Cherokee Project member
skinkie commented Jan 31, 2014

I really really do not want generated keys in our repo. Could you change it so automake generates one for us?

@kinnison

I considered generating the key but it involves very unpleasant config files for the openssl application if you want to automate the generation. Is your objection based on something more than how unpleasant it is to have binary lumps in the repo?

@skinkie
Cherokee Project member
skinkie commented Jan 31, 2014

As mentioned before I want to prevent studity where someone actually feels stupid enough to copy the test keys from the test suite and put it in a production ssl site. Doesn't our contrib dir already have a script that creates self signed certs?

@kinnison

Aah yes, preventing stupidity is good. Unfortunately that script isn't non-interactive :-(

@kinnison
kinnison commented Feb 1, 2014

I've managed to write something, I'll be pushing a fresh branch soonish

@kinnison
kinnison commented Feb 1, 2014

Re-pushed -- opinions please :-)

@kinnison
kinnison commented Feb 1, 2014

Re-pushed for openssl.cnf

@kinnison kinnison Make the SSL tests run
This patch adds support for generating a SnakeOil SSL key during the QA suite
if the system has openssl.  It can take a little while on lower-powered systems
but on anything modern it should barely be noticable.

This means we can cause the SSL tests to be run if the server was built with
OPENSSL support.  In addition we fix the TLS port to be bound to 127.0.0.1
which fixes 073's behaviour in SSL mode on an IPv6 enabled host.

Signed-Off-By: Daniel Silverstone <dsilvers@digital-scurf.org>
9b9f711
@skinkie skinkie merged commit 3d41459 into cherokee:master Feb 1, 2014
@kinnison kinnison deleted the kinnison:kinnison/allow-ssl-tests branch Feb 1, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.