tests: introduce auth tests

This commit introduces a new test binary responsible for testing TLS
authentication.

Currently, it covers both the remote worker API and the Koji API. It tests that
the server refuses certificates issued by an untrusted CA or self-signed ones.
Also, it tests that the certificate is issued for an allowed domain.

TODO: certs with subject alternative name are currently not used in tests.
They should work just right, but proper testing requires more tinkering with
OpenSSL than I'm willing to accept at this time.
Ondřej Budai 2020-09-23 10:04:28 +02:00 committed by Tom Gundersen
parent fbaaf31a34
commit 68be242850
7 changed files with 262 additions and 4 deletions


@ -61,7 +61,9 @@ func createTLSConfig(c *connectionConfig) (*tls.Config, error) {
VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
for _, chain := range verifiedChains {
for _, domain := range c.AllowedDomains {
return chain[0].VerifyHostname(domain)
if chain[0].VerifyHostname(domain) == nil {
return nil
}
}
}
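Review bot: With the early `return nil` now inside the inner loop, rejection depends entirely on what follows the two loops, which this hunk does not show; that fall-through has to return a non-nil error, otherwise a certificate valid for none of `c.AllowedDomains`, or an empty `verifiedChains`, would be accepted. A short comment above the loops saying that the callback accepts when the leaf `chain[0]` of any verified chain is valid for any allowed domain would help, as would a test with more than one allowed domain where only the last entry matches, since the removed `return chain[0].VerifyHostname(domain)` only ever checked the first entry. `VerifyHostname` matches against the certificate's subject alternative names, so the SAN gap noted in the commit message's TODO sits on the path changed here.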