From 5f94d7b36b9c167dfad1c8116717210581ae5abe Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Mon, 30 Jan 2023 01:40:10 +1300
Subject: [PATCH] tests: `tls_cipherlists` should configure `testssl.sh` to use CA cert (#3037)

This doesn't make any difference to the tests performed here (_partly due to `--preference`_). It would make a difference if performing a test for receiving a grade, which would otherwise fail due to chain of trust not being verifiable for a self-signed certificate (_or a signed certificate without a CA public key to verify against_)
---
 test/tests/parallel/set2/tls/tls_cipherlists.bats | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/test/tests/parallel/set2/tls/tls_cipherlists.bats b/test/tests/parallel/set2/tls/tls_cipherlists.bats
index 0538f94b..de3c6fd8 100644
--- a/test/tests/parallel/set2/tls/tls_cipherlists.bats
+++ b/test/tests/parallel/set2/tls/tls_cipherlists.bats
@@ -94,15 +94,15 @@ function _configure_and_run_dms_container() {
 # The remaining args are dependent upon test case vars:
 CUSTOM_SETUP_ARGUMENTS+=(
 --env TLS_LEVEL="${TLS_LEVEL}"
- --env SSL_CERT_PATH="/config/ssl/cert.${KEY_TYPE}.pem"
- --env SSL_KEY_PATH="/config/ssl/key.${KEY_TYPE}.pem"
+ --env SSL_CERT_PATH="/config/ssl/with_ca/ecdsa/cert.${KEY_TYPE}.pem"
+ --env SSL_KEY_PATH="/config/ssl/with_ca/ecdsa/key.${KEY_TYPE}.pem"
 )
 if [[ -n ${ALT_KEY_TYPE} ]]
 then
 CUSTOM_SETUP_ARGUMENTS+=(
- --env SSL_ALT_CERT_PATH="/config/ssl/cert.${ALT_KEY_TYPE}.pem"
- --env SSL_ALT_KEY_PATH="/config/ssl/key.${ALT_KEY_TYPE}.pem"
+ --env SSL_ALT_CERT_PATH="/config/ssl/with_ca/ecdsa/cert.${ALT_KEY_TYPE}.pem"
+ --env SSL_ALT_KEY_PATH="/config/ssl/with_ca/ecdsa/key.${ALT_KEY_TYPE}.pem"
 )
 fi
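Review bot: The literal directory `with_ca/ecdsa/` is now repeated in all four `SSL_*_PATH` values of this hunk and again in `ADDTL_CA_FILES` in the `_collect_cipherlists` hunk, while the file name still varies with `${KEY_TYPE}` / `${ALT_KEY_TYPE}`. A reader can easily take a resulting path such as `ecdsa/cert.rsa.pem` for a mistake; presumably the directory names the signing CA's key type rather than the leaf certificate's, which the visible lines do not show. Consider a single file-level variable, e.g. `TLS_CERT_DIR='/config/ssl/with_ca/ecdsa'`, with a comment like `# Directory is named after the CA key type; leaf certs for each KEY_TYPE live inside it`, so the certificates the server presents and the CA that testssl.sh is told to trust cannot drift apart. The body of `_configure_and_run_dms_container` starts and ends outside this hunk.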
@@ -161,6 +161,7 @@ function _collect_cipherlists() {
 # `--user ":"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid.
 run docker run --rm \
+ --env ADDTL_CA_FILES="/config/ssl/with_ca/ecdsa/ca-cert.ecdsa.pem" \
 --user "$(id -u):$(id -g)" \
 --network "${TEST_NETWORK}" \
 --volume "${TLS_CONFIG_VOLUME}" \
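Review bot: Nothing in this hunk confirms that `ADDTL_CA_FILES` actually takes effect. The commit message says the current `--preference` run is unaffected, so a wrong path, or a CA file that is not reachable through `${TLS_CONFIG_VOLUME}`, would go unnoticed until someone enables certificate checks. Record the intent next to the existing `--user` comment, e.g. `# ADDTL_CA_FILES: CA cert so testssl.sh can verify the chain of trust; only relevant when certificate checks are run`. If a later test depends on trust verification, it should assert the chain-of-trust finding from the JSON output rather than rely on this variable being set. The `docker run` command continues past the end of the hunk.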