RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Fix for DUAL_RSA_ECDSA not working with ACMEv2 (#334, #474, #502)

pull/503/head
Tim Kimber 6 years ago
parent
621d78393b
commit
83de0e3910
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
6 changed files with 1681 additions and 1564 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1565
    -1558
      getssl
  2. +43
    -0
      test/3-dual-rsa-ecdsa.bats
  3. +0
    -3
      test/Dockerfile-debian
  4. +3
    -3
      test/README.md
  5. +37
    -0
      test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg
  6. +33
    -0
      test/test-config/getssl-http01-dual-rsa-ecdsa.cfg

+ 1565
- 1558
getssl
File diff suppressed because it is too large
View File


+ 43
- 0
test/3-dual-rsa-ecdsa.bats View File

@ -0,0 +1,43 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
}
@test "Create dual certificates using HTTP-01 verification" {
CONFIG_FILE="getssl-http01-dual-rsa-ecdsa.cfg"
setup_environment
init_getssl
create_certificate
assert_success
}
@test "Force renewal of dual certificates using HTTP-01" {
#!FIXME test certificate has been updated
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
}
@test "Create dual certificates using DNS-01 verification" {
CONFIG_FILE="getssl-dns01-dual-rsa-ecdsa.cfg"
setup_environment
init_getssl
create_certificate
assert_success
}
@test "Force renewal of dual certificates using DNS-01" {
#!FIXME test certificate has been updated
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
cleanup_environment
}

+ 0
- 3
test/Dockerfile-debian View File

@ -10,9 +10,6 @@ WORKDIR /root
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
# Prevent "Can't load /root/.rnd into RNG" error from openssl
# RUN touch /root/.rnd
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core
RUN git clone https://github.com/jasonkarns/bats-support /bats-support


+ 3
- 3
test/README.md View File

@ -35,6 +35,6 @@ docker exec -it getssl-ubuntu18 /getssl/test/debug-test.sh getssl-http01.cfg
## TODO
1. Test RHEL6, Debian as well
2. Test SSH, SFTP
3. Test wildcards
1. Test wildcards
2. Test SSH, SFTP, SCP
3. Test change of key algorithm

+ 37
- 0
test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg View File

@ -0,0 +1,37 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
#
CA="https://pebble:14000/dir"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
DUAL_RSA_ECDSA="true"
ACCOUNT_KEY_TYPE="prime256v1"
PRIVATE_KEY_ALG="prime256v1"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS=""
# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
ACL=('/var/www/html/.well-known/acme-challenge')
#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
USE_SINGLE_ACL="false"
# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 33
- 0
test/test-config/getssl-http01-dual-rsa-ecdsa.cfg View File

@ -0,0 +1,33 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
#
CA="https://pebble:14000/dir"
DUAL_RSA_ECDSA="true"
ACCOUNT_KEY_TYPE="prime256v1"
PRIVATE_KEY_ALG="prime256v1"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS=""
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
USE_SINGLE_ACL="false"
# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

Write Preview
Loading…
Cancel
Save