Skip to content

Commit

Permalink
fix(test): update travis and e2e selfSignedCert fn
Browse files Browse the repository at this point in the history 
- add go.mod/go.sum
- update .travis.yml to test against supported Go versions
- drop golint from CI checks

To satisfy modern Go crypto in the tlsrouter e2e_test.go:
- bump RSA keysize to minimum 2048 bits
- set NotBefore to valid recent timestamp
- include CommonName in SANs

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
  • Loading branch information
@dnwe @danderson
dnwe authored and danderson committed Aug 24, 2021
1 parent b6bb9b5 commit 2825d76
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 14 deletions.
2 changes: 0 additions & 2 deletions .gitignore
View file

This file was deleted.

11 changes: 3 additions & 8 deletions .travis.yml
View file
@@ -1,24 +1,19 @@
language: go
go:
- "1.12"
- "1.13"
- "1.16.x"
- "1.17.x"
- tip
os:
- linux
install:
- go get github.com/golang/lint/golint
before_script:
script:
- go get -t ./...
- go build ./...
- go test ./...
- go vet ./...
- golint -set_exit_status .

jobs:
include:
- stage: deploy
go: "1.13"
go: "1.16"
install:
- gem install fpm
script:
Expand Down
8 changes: 4 additions & 4 deletions cmd/tlsrouter/e2e_test.go
View file
Expand Up @@ -182,7 +182,7 @@ func serveTLS(t *testing.T, value string, understandProxy bool, domains ...strin
}

func selfSignedCert(domains []string) (tls.Certificate, *x509.CertPool, error) {
pkey, err := rsa.GenerateKey(rand.Reader, 512)
pkey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return tls.Certificate{}, nil, err
}
Expand All @@ -192,16 +192,16 @@ func selfSignedCert(domains []string) (tls.Certificate, *x509.CertPool, error) {
Organization: []string{"Test Co"},
CommonName: domains[0],
},
NotBefore: time.Time{},
NotBefore: time.Now().Add(-5 * time.Minute),
NotAfter: time.Now().Add(60 * time.Minute),
IsCA: true,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
DNSNames: domains[1:],
DNSNames: domains[:],
}

derBytes, err := x509.CreateCertificate(rand.Reader, template, template, &pkey.PublicKey, pkey)
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, pkey.Public(), pkey)
if err != nil {
return tls.Certificate{}, nil, err
}
Expand Down
5 changes: 5 additions & 0 deletions go.mod
View file
@@ -0,0 +1,5 @@
module inet.af/tcpproxy

go 1.16

require github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a
2 changes: 2 additions & 0 deletions go.sum
View file
@@ -0,0 +1,2 @@
github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc=
github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU=

0 comments on commit 2825d76

Please sign in to comment.