dnsdist: Add regression tests for IP-only TLS certificates
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 22 Dec 2025 10:13:15 +0000 (11:13 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 22 Dec 2025 10:13:15 +0000 (11:13 +0100)
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
regression-tests.dnsdist/.gitignore
regression-tests.dnsdist/Makefile
regression-tests.dnsdist/test_TLS.py

index f5c450fbbd4ba282757c0f25cdb356af46f0b186..fb34804195aa95beb01c2765b76d4681ee2627b3 100644 (file)
@@ -29,6 +29,7 @@
 /server-ocsp.p12
 /server-tls.*
 /server.ocsp
+/server-ip-only.*
 /configs
 /dnsdist.log
 /dnsdist_test.conf
index e851c8c1492b29530b6cfee82195a45fb55d7cd2..f755d3d845c91bec4039a67855f878176f48a257 100644 (file)
@@ -27,3 +27,9 @@ certs:
        openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in server-ec.csr -out server-ec.pem -extfile configServer.conf -extensions v3_req
        # Generate a chain
        cat server-ec.pem ca.pem > server-ec.chain
+       # Generate a new server certificate request (IP-only)
+       openssl req -new -newkey rsa:2048 -nodes -keyout server-ip-only.key -out server-ip-only.csr -config configServer-ip-only.conf
+       # Sign the server cert
+       openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in server-ip-only.csr -out server-ip-only.pem -extfile configServer-ip-only.conf -extensions v3_req
+       # Generate a chain
+       cat server-ip-only.pem ca.pem > server-ip-only.chain
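Review bot: Both new openssl commands read `configServer-ip-only.conf`, but the commit's file list names only `.gitignore`, `Makefile` and `test_TLS.py`, so unless that config already exists in the tree the `certs` target will fail at the added `openssl req` line. The value of this certificate depends on its subjectAltName holding IP entries only, which is not visible from the recipe; a comment on the request line such as `# configServer-ip-only.conf: subjectAltName must list IP addresses only, no DNS names` would keep that premise next to the command. The start of the `certs` recipe and any `clean` target are outside the hunk, so it is worth confirming that the new `server-ip-only.*` artefacts are also removed there.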
index 8223d28a57e41ea669892938e13f4cd9f3424465..cbf3be16bf2848dcb09c7b999c877243e9d15ad9 100644 (file)
@@ -272,17 +272,21 @@ class TestOpenSSL(DNSDistTest, TLSTests):
     _serverKey = 'server-tls.key'
     _serverCert = 'server-tls.chain'
     _serverName = 'tls.tests.dnsdist.org'
+    _serverIPOnlyKey = 'server-ip-only.key'
+    _serverIPOnlyCert = 'server-ip-only.chain'
     _caCert = 'ca.pem'
     _tlsServerPort = pickAvailablePort()
+    _tlsServerPort2 = pickAvailablePort()
     _config_template = """
     setKey("%s")
     controlSocket("127.0.0.1:%d")
 
     newServer{address="127.0.0.1:%d"}
     addTLSLocal("127.0.0.1:%d", "%s", "%s", { provider="openssl" })
+    addTLSLocal("127.0.0.1:%d", "%s", "%s", { provider="openssl" })
     addAction(SNIRule("powerdns.com"), SpoofAction("1.2.3.4"))
     """
-    _config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey', '_tlsServerPort2', '_serverIPOnlyCert', '_serverIPOnlyKey']
 
     @classmethod
     def setUpClass(cls):
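Review bot: No test method in this hunk or in the matching TestGnuTLS hunk connects to the new listener on `_tlsServerPort2`, so from what is visible the IP-only certificate is loaded by dnsdist but never validated by a client. If the test case lives in the shared `TLSTests` mixin outside these hunks, it should verify the chain against `_caCert` with 127.0.0.1 as the expected identity and also assert that validation against `_serverName` fails, otherwise a certificate that still carried a DNS SAN would pass unnoticed. A name such as `_tlsServerIPOnlyPort` would match `_serverIPOnlyKey` and `_serverIPOnlyCert` better than `_tlsServerPort2`. A short comment above `_config_params`, for example `# order must follow the % placeholders in _config_template`, would help the next person who adds a listener; both class bodies continue outside the hunks.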
@@ -301,17 +305,21 @@ class TestGnuTLS(DNSDistTest, TLSTests):
     _serverKey = 'server-tls.key'
     _serverCert = 'server-tls.chain'
     _serverName = 'tls.tests.dnsdist.org'
+    _serverIPOnlyKey = 'server-ip-only.key'
+    _serverIPOnlyCert = 'server-ip-only.chain'
     _caCert = 'ca.pem'
     _tlsServerPort = pickAvailablePort()
+    _tlsServerPort2 = pickAvailablePort()
     _config_template = """
     setKey("%s")
     controlSocket("127.0.0.1:%d")
 
     newServer{address="127.0.0.1:%d"}
     addTLSLocal("127.0.0.1:%d", "%s", "%s", { provider="gnutls" })
+    addTLSLocal("127.0.0.1:%d", "%s", "%s", { provider="gnutls" })
     addAction(SNIRule("powerdns.com"), SpoofAction("1.2.3.4"))
     """
-    _config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey', '_tlsServerPort2', '_serverIPOnlyCert', '_serverIPOnlyKey']
 
     @classmethod
     def setUpClass(cls):