
Add test for IGNORE_DIRECTORY_DOMAIN

pull/534/head
Tim Kimber 6 years ago
parent
commit
804c71ffec
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
3 changed files with 59 additions and 0 deletions
  1. +1
    -0
      getssl
  2. +19
    -0
      test/9-multiple-domains-dns01.bats
  3. +39
    -0
      test/test-config/getssl-ignore-directory-domain.cfg

+ 1
- 0
getssl

@ -215,6 +215,7 @@
# 2020-02-22 Change sign_string to use openssl asn1parse (better fix for #424)
# 2020-02-23 Add dig to config check for systems without drill (ubuntu)
# 2020-03-11 Use dig +trace to find primary name server and improve dig parsing of CNAME
# 2020-03-12 Fix bug with DNS validation and multiple domains (#524)
# 2020-03-24 Find primary ns using all dns utils (dig, host, nslookup) (2.21)
# ----------------------------------------------------------------------------------------


+ 19
- 0
test/9-multiple-domains-dns01.bats

@ -45,3 +45,22 @@ setup() {
cleanup_environment
curl --silent -X POST -d '{"host":"getssl.tst"}' http://10.30.50.3:8055/clear-a
}
@test "Test IGNORE_DIRECTORY_DOMAIN using DNS-01 verification" {
# This tests we can create a certificate for getssl.test and <os>.getssl.test (*both* in SANS)
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-ignore-directory-domain.cfg"
setup_environment
# Add top level domain from SANS to DNS
curl --silent -X POST -d '{"host":"getssl.test", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
init_getssl
create_certificate
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}
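Review bot: The new test never removes what it sets up: it posts an A record for `getssl.test` to `add-a` and calls `setup_environment`, but stops after the last `refute_output`, without the `cleanup_environment` and `clear-a` calls that close the preceding block (whose start is outside the hunk, and which clears `getssl.tst`, not `getssl.test`). The record therefore stays in the test DNS server, which is presumably shared with the tests that run afterwards, and can change what they resolve. Finish the test with `cleanup_environment` and `curl --silent --fail -X POST -d '{"host":"getssl.test"}' http://10.30.50.3:8055/clear-a`, or move both into a `teardown()` so they also run when an assertion fails. On the `add-a` line, `$GETSSL_IP` sits unquoted between the two single-quoted pieces and an HTTP error from the request is not detected, so an empty value or a rejected request only surfaces later as an unrelated-looking certificate failure; `"addresses":["'"$GETSSL_IP"'"]` together with `--fail` makes that step fail where it happens.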

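--- a/test/test-config/getssl-ignore-directory-domain.cfg
+++ b/test/test-config/getssl-ignore-directory-domain.cfg
@@ -0,0 +1,39 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+CA="https://pebble:14000/dir"
+VALIDATE_VIA_DNS=true
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
+PUBLIC_DNS_SERVER=10.30.50.3
+DNS_EXTRA_WAIT=""
+# Ignore directory domain (i.e. the domain passed on the command line), and just use the domains in the SANS list
+IGNORE_DIRECTORY_DOMAIN="true"
+SANS="getssl.test,$GETSSL_HOST"
+# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
+ACL=(
+'/var/www/html/.well-known/acme-challenge'
+'/var/www/html/.well-known/acme-challenge'
+)
+#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
+USE_SINGLE_ACL="false"
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"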
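Review bot: `SANS` and `RELOAD_CMD` take `$GETSSL_HOST` and `${NGINX_CONFIG}` from the environment when the file is read (assuming it is sourced as shell, as the `ACL=( … )` array suggests), and nothing in the file says or checks that either is set. With `GETSSL_HOST` empty, `SANS` becomes `getssl.test,` and the test would no longer cover the two-name case it exists for; with `NGINX_CONFIG` empty the `cp` in `RELOAD_CMD` loses its destination. A comment above `SANS` naming the requirement would be enough, for example `# Requires GETSSL_HOST and NGINX_CONFIG to be exported by the test environment`. The opening comment is still the generic template text; one line saying this file belongs to the IGNORE_DIRECTORY_DOMAIN DNS-01 test would help the next reader.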
