Generate test CA and certificates in rake by nevans · Pull Request #958 · eventmachine/eventmachine · GitHub
Skip to content

Generate test CA and certificates in rake#958

Merged
sodabrew merged 1 commit into
eventmachine:masterfrom
nevans:generate-test-certs
Sep 5, 2024
Merged

Generate test CA and certificates in rake#958
sodabrew merged 1 commit into
eventmachine:masterfrom
nevans:generate-test-certs

Conversation

@nevans

@nevans nevans commented Nov 13, 2021

Copy link
Copy Markdown
Contributor

As part of tidying up the SSL implementation, I'm updating all of the
tests to use secure defaults. This commit doesn't enable certificate
verification or identity verification, yet. This just adds a little bit
of infrastructure for quickly testing several different SSL scenarios.

Currently, it's just a single CA which has signed a single "localhost"
certificate. I'll update it to use intermediate certs and multiple
hostnames, etc, in future PRs.

@nevans

nevans commented Nov 13, 2021

Copy link
Copy Markdown
Contributor Author

@nevans

nevans commented Nov 13, 2021

Copy link
Copy Markdown
Contributor Author

FYI: I didn't get master to compile in docker for 2.2 or 2.3. Perhaps the github actions set things up better than the official docker images?

@MSP-Greg

Copy link
Copy Markdown
Contributor

Maybe run GitHub Actions in your fork?

@nevans

nevans commented Nov 13, 2021

Copy link
Copy Markdown
Contributor Author

Ah, thanks. Took me a minute to figure out how to run actions from my phone 🙃 And I see you have your own Ruby setup action, which makes sense, since none of the others seem to work with old ruby & old openssl.

Anyway, they all passed except for a MacOS 2.6 🤔https://github.com/nevans/eventmachine/runs/4198820287?check_suite_focus=true

@MSP-Greg

Copy link
Copy Markdown
Contributor

Glad you got Actions running. Not sure about the macOS issue...

you have your own Ruby setup action

MSP-Greg/setup-ruby-pkgs uses the code from ruby/setup-ruby to install Ruby, it just adds the ability to install packages, in this case, openssl on Windows. It also works with apt and brew.

I've helped several repos convert to Actions, as it runs a high number of concurrent jobs, often speeding up CI...

@nevans

nevans commented Nov 13, 2021

Copy link
Copy Markdown
Contributor Author

Well, they're all passing now! Flaky test? Could the private keys be generated in such a way that key[100] is insignificant? If so, perhaps something like the following could be less flaky?

idx = badkey.length / 2
badkey[idx] = badkey[idx].tr("A-Za-z", "N-ZA-Mn-za-m")

@nevans

nevans commented Nov 13, 2021

Copy link
Copy Markdown
Contributor Author

(that specific tr wouldn't work if the characters aren't alphabetic, but that's simple to fix with a second tr)

@nevans nevans force-pushed the generate-test-certs branch from 3ead025 to aa112b6 Compare November 22, 2021 22:57
@nevans nevans force-pushed the generate-test-certs branch from aa112b6 to 8fd5036 Compare August 27, 2024 18:40
@nevans

nevans commented Aug 27, 2024

Copy link
Copy Markdown
Contributor Author

As part of tidying up the SSL implementation, I'm updating all of the
tests to use secure defaults.  This commit doesn't enable certificate
verification or identity verification, yet.  This just adds a little bit
of infrastructure for quickly testing several different SSL scenarios.

Currently, it's just a single CA which has signed a single "localhost"
certificate.  I'll update it to use intermediate certs and multiple
hostnames, etc, in future PRs.
@nevans nevans force-pushed the generate-test-certs branch from 8fd5036 to 4851031 Compare September 5, 2024 14:26
@sodabrew sodabrew merged commit bcf3353 into eventmachine:master Sep 5, 2024
@nevans nevans deleted the generate-test-certs branch September 5, 2024 19:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants