/acl-notify.list.yml
/acl.list.yml
/recursor.yml
+/rec-api.d
+/ca.key
+/ca.pem
+/ca.srl
+/server.chain
+/server.csr
+/server.key
+/server.pem
+/server.p12
--- /dev/null
+clean-certs:
+ rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp
+clean-configs:
+ rm -rf configs/*
+certs:
+ # Generate a new CA
+ openssl req -new -x509 -days 1 -extensions v3_ca -keyout ca.key -out ca.pem -nodes -config configCA.conf
+ # Generate a new server certificate request
+ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config configServer.conf
+ # Sign the server cert
+ openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in server.csr -out server.pem -extfile configServer.conf -extensions v3_req
+ # Generate a chain
+ cat server.pem ca.pem > server.chain
+ # Generate a password-protected PKCS12 file
+ openssl pkcs12 -export -passout pass:passw0rd -clcerts -in server.pem -CAfile ca.pem -inkey server.key -out server.p12
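Review bot: `clean-certs` does not remove `server.p12`, which the `certs` target writes in its last step, and it lists `server.ocsp`, which nothing in this Makefile generates. A stale PKCS12 bundle containing the previous private key therefore survives a clean. I would change the recipe to `rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.p12`. I would also add `.PHONY: clean-certs clean-configs certs` so that a file or directory named `certs` cannot make the target a no-op.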
--- /dev/null
+[req]
+default_bits = 2048
+encrypt_key = no
+prompt = no
+distinguished_name = distinguished_name
+
+[v3_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical, CA:true
+keyUsage = critical, cRLSign, keyCertSign
+
+[distinguished_name]
+CN = PowerDNS Recursor TLS regression tests CA
+OU = PowerDNS.com BV
+countryName = NL
+
+[CA_default]
+copy_extensions = copy
--- /dev/null
+[req]
+default_bits = 2048
+encrypt_key = no
+prompt = no
+distinguished_name = server_distinguished_name
+req_extensions = v3_req
+
+[server_distinguished_name]
+CN = tls.tests.powerdns.com
+OU = PowerDNS.com BV
+countryName = NL
+
+[v3_req]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = tls.tests.powerdns.com
+DNS.2 = powerdns.com
+IP.3 = 127.0.0.1
pip install -U pip wheel | cat
pip install -r requirements.txt | cat
+make clean-certs
+make certs
+
if [ -z "${SDIG}" ]; then
export SDIG=$(type -P sdig)
fi
allow_from_file: acl.list.yml
allow_notify_from_file: acl-notify.list.yml
webservice:
+ webserver: true
api_dir: %(api_dir)s
+ listen:
+ - addresses: [ 127.0.0.1:"""+str(WEBPORT)+""" ]
+ tls:
+ certificate: server.chain
+ key: server.key
+ api_key: """+APIKEY+"""
+ password: """+WEBPASSWORD+"""
recursor:
include_dir: %(conf_dir)s
devonly_regression_test_mode: true
"--webserver-password="+WEBPASSWORD,
"--api-key="+APIKEY
]
+rec_args = [
+ "--daemon=no", "--socket-dir=.", "--config-dir=.",
+ "--local-address=127.0.0.1", "--local-port="+str(DNSPORT),
+]
# Take sdig if it exists (recursor in travis), otherwise build it from Authoritative source.
sdig = os.environ.get("SDIG", "")
with open(conf_dir+'/example.com.yml', 'w') as conf_file:
conf_file.write(REC_EXAMPLE_COM_CONF_TPL)
- servercmd = [pdns_recursor] + common_args
+ servercmd = [pdns_recursor] + rec_args
# Now run pdns and the tests.
time.sleep(1)
for try_number in range(0, 10):
try:
- res = requests.get('http://127.0.0.1:%s/' % WEBPORT)
+ if daemon == 'authoritative':
+ res = requests.get('http://127.0.0.1:%s/' % WEBPORT)
+ else:
+ res = requests.get('https://127.0.0.1:%s/' % WEBPORT, verify=False)
available = True
break
except HTTPError as http_err:
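Review bot: The recursor branch of the readiness probe passes `verify=False`, so the certificate chain generated by `make certs` is never validated. The same applies to the three `requests.get(..., verify=False)` calls in `TestBasics` and to `self.session.verify = False` in the test helper. The server certificate carries `IP.3 = 127.0.0.1` in its SAN and is signed by the freshly generated CA, so the tests could pin that CA instead, e.g. `res = requests.get('https://127.0.0.1:%s/' % WEBPORT, verify='ca.pem')` and `self.session.verify = 'ca.pem'`. The path presumably needs adjusting to the directory the tests run from. That would make the suite fail on a broken chain or wrong SAN, and it avoids the InsecureRequestWarning on every request. The enclosing retry loop and its `except` handler continue outside this hunk.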
class TestBasics(ApiTestCase):
def test_unauth(self):
- r = requests.get(self.url("/api/v1/servers/localhost"))
+ r = requests.get(self.url("/api/v1/servers/localhost"), verify=False)
self.assertEqual(r.status_code, requests.codes.unauthorized)
def test_index_html(self):
- r = requests.get(self.url("/"), auth=('admin', self.server_web_password))
+ r = requests.get(self.url("/"), auth=('admin', self.server_web_password), verify=False)
self.assertEqual(r.status_code, requests.codes.ok)
def test_split_request(self):
@unittest.skipIf(is_auth(), "Not applicable")
def test_read_statistics_using_password(self):
- r = requests.get(self.url("/api/v1/servers/localhost/statistics"), auth=('admin', self.server_web_password))
+ r = requests.get(self.url("/api/v1/servers/localhost/statistics"), auth=('admin', self.server_web_password), verify=False)
self.assertEqual(r.status_code, requests.codes.ok)
self.assert_success_json(r)
self.server_web_password = os.environ.get('WEBPASSWORD', 'MISSING')
self.session = requests.Session()
self.session.headers = {'X-API-Key': os.environ.get('APIKEY', 'changeme-key'), 'Origin': 'http://%s:%s' % (self.server_address, self.server_port)}
+ if is_recursor():
+ self.server_url = 'https://%s:%s/' % (self.server_address, self.server_port)
+ self.session.verify = False
def url(self, relative_url):
return urljoin(self.server_url, relative_url)
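Review bot: The `Origin` header on the session is still built as `'http://%s:%s'`, while the added lines switch `self.server_url` to `https://` for the recursor, so the recursor tests now send an origin whose scheme differs from the URL they request. If any test relies on the origin matching the server (CORS checks, for instance), this mismatch may hide or cause failures. Consider deriving both from one scheme variable, e.g. `scheme = 'https' if is_recursor() else 'http'`, and using it for the header and for `server_url`. The rest of the setup method lies outside this hunk, so how `server_url` is set for the authoritative case is not visible here.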
/server.key
/server.pem
/server.p12
-