• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..08-Nov-2021-

ssl/H08-Nov-2021-888853

t/H08-Nov-2021-381219

.gitignoreH A D08-Nov-202156 43

MakefileH A D08-Nov-20215.4 KiB13580

READMEH A D08-Nov-20212.5 KiB8862

cas.configH A D08-Nov-20211.5 KiB6558

client.configH A D08-Nov-2021312 1410

client_ca.configH A D08-Nov-2021411 129

root_ca.configH A D08-Nov-2021358 1410

server-cn-and-alt-names.configH A D08-Nov-2021749 2620

server-cn-only.configH A D08-Nov-2021290 1410

server-multiple-alt-names.configH A D08-Nov-2021497 2116

server-no-names.configH A D08-Nov-2021387 1712

server-revoked.configH A D08-Nov-2021374 1612

server-single-alt-name.configH A D08-Nov-2021420 1914

server_ca.configH A D08-Nov-2021411 129

README

1src/test/ssl/README
2
3SSL regression tests
4====================
5
6This directory contains a test suite for SSL support. It tests both
7client-side functionality, i.e. verifying server certificates, and
8server-side functionality, i.e. certificate authorization.
9
10Running the tests
11=================
12
13    make check
14
15NOTE: This creates a temporary installation, and sets it up to listen for TCP
16connections on localhost. Any user on the same host is allowed to log in to
17the test installation while the tests are running. Do not run this suite
18on a multi-user system where you don't trust all local users!
19
20Certificates
21============
22
23The test suite needs a set of public/private key pairs and certificates to
24run:
25
26root_ca
27	root CA, use to sign the server and client CA certificates.
28
29server_ca
30	CA used to sign server certificates.
31
32client_ca
33	CA used to sign client certificates.
34
35server-cn-only
36server-cn-and-alt-names
37server-single-alt-name
38server-multiple-alt-names
39server-no-names
40	server certificates, with small variations in the hostnames present
41        in the certificate. Signed by server_ca.
42
43server-ss
44	same as server-cn-only, but self-signed.
45
46client
47	a client certificate, for user "ssltestuser". Signed by client_ca.
48
49client-revoked
50	like "client", but marked as revoked in the client CA's CRL.
51
52In addition, there are a few files that combine various certificates together
53in the same file:
54
55both-cas-1
56	Contains root_ca.crt, client_ca.crt and server_ca.crt, in that order.
57
58both-cas-2
59	Contains root_ca.crt, server_ca.crt and client_ca.crt, in that order.
60
61root+server_ca
62	Contains root_crt and server_ca.crt. For use as client's "sslrootcert"
63	option.
64
65root+client_ca
66	Contains root_crt and client_ca.crt. For use as server's "ssl_ca_file".
67
68client+client_ca
69	Contains client.crt and client_ca.crt in that order. For use as client's
70	certificate chain.
71
72There are also CRLs for each of the CAs: root.crl, server.crl and client.crl.
73
74For convenience, all of these keypairs and certificates are included in the
75ssl/ subdirectory. The Makefile also contains a rule, "make sslfiles", to
76recreate them if you need to make changes.
77
78TODO
79====
80
81* Allow the client-side of the tests to be run on different host easily.
82  Currently, you have to manually set up the certificates for the right
83  hostname, and modify the test file to skip setting up the server. And you
84  have to modify the server to accept connections from the client host.
85
86* Test having multiple server certificates, so that the private key chooses
87  the certificate to present to clients. (And the same in the client-side.)
88