REGTESTS: jwt: create dynamically "cert.ecdsa.pem"
authorWilliam Lallemand <wlallemand@haproxy.com>
Mon, 25 Aug 2025 14:41:50 +0000 (16:41 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 25 Aug 2025 14:44:24 +0000 (16:44 +0200)
Stop declaring "cert.ecdsa.pem" in a crt-store, and add it dynamically
over the stats socket instead.

This way we fully verify a JWS signature with a certificate which never
existed at HAProxy startup.

reg-tests/jwt/jws_verify.vtc

index ca367e3be94afd6230263ef15740cf64b35db243..3e7b349e677aada9930c9be8e5c6f9bcd3b4cec6 100644 (file)
@@ -49,10 +49,6 @@ haproxy h1 -conf {
         use_backend auth_bearer_be if { path /auth_bearer }
         default_backend dflt_be
 
-    # Unnamed crt-store
-    crt-store
-        load crt "${testdir}/cert.ecdsa.pem"
-
     crt-store named_store
         load crt "${testdir}/cert.rsa.pem"
 
@@ -268,6 +264,11 @@ client c8 -connect ${h1_mainfe_sock} {
 } -run
 
 
+shell {
+    echo "new ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" -
+    printf "set ssl cert ${testdir}/cert.ecdsa.pem <<\n$(cat ${testdir}/cert.ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
+    echo "commit ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" -
+}
 
 client c9 -connect ${h1_mainfe_sock} {
     # Token content : {"alg":"ES256","typ":"JWT"}
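Review bot: None of the three socat calls in the new shell block checks HAProxy's reply, so a rejected `new ssl cert` or `commit ssl cert` passes silently here (socat exits 0 whatever the CLI answered) and only shows up later as an unrelated-looking failure in c9. Capturing each reply and failing the block when the expected success text is missing would pin the failure to the right step, e.g. `echo "commit ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" - | grep -q "Success" || exit 1` (confirm the exact reply wording against the CLI before relying on it). The `set ssl cert` line also expands `$(cat …)` inside printf's format string, where any `%` or backslash in the payload would be interpreted; passing the path and the PEM body as `%s` arguments, `printf "set ssl cert %s <<\n%s\n\n" "${testdir}/cert.ecdsa.pem" "$(cat "${testdir}/cert.ecdsa.pem")" | socat "${tmpdir}/h1/stats" -`, keeps the payload opaque to printf.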