From: Nick Porter Date: Thu, 12 Jun 2025 07:45:25 +0000 (+0100) Subject: Use separate CRL file for each test X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59f997dadc21c0dc69fc3c548db47bafdce60f49;p=thirdparty%2Ffreeradius-server.git Use separate CRL file for each test To avoid conflicts when running in parallel --- diff --git a/src/tests/modules/crl/accept.unlang b/src/tests/modules/crl/accept.unlang index cd496660a01..493ab27dac9 100644 --- a/src/tests/modules/crl/accept.unlang +++ b/src/tests/modules/crl/accept.unlang @@ -11,6 +11,8 @@ prepare_cnf create_client_cert +build_crl + read_cert_serial session-state.TLS-Certificate.Serial = %bin(serial) diff --git a/src/tests/modules/crl/module.conf b/src/tests/modules/crl/module.conf index c8a23cb0926..7b7f15e039c 100644 --- a/src/tests/modules/crl/module.conf +++ b/src/tests/modules/crl/module.conf @@ -1,7 +1,7 @@ crl { source { dynamic { - http = %exec_bin('/bin/cat', 'raddb/certs/rsa/ca.crl') + http = %exec_bin('/bin/cat', "$ENV{MODULE_TEST_DIR}/ca%{clientno}.crl") } } ca_file = raddb/certs/rsa/ca.pem diff --git a/src/tests/modules/crl/policy.conf b/src/tests/modules/crl/policy.conf index 3184d67698b..1e8a8f04fb6 100644 --- a/src/tests/modules/crl/policy.conf +++ b/src/tests/modules/crl/policy.conf @@ -29,8 +29,14 @@ create_client_cert { # revoke_client_cert { %exec('/usr/bin/openssl', 'ca', '-config', "$ENV{MODULE_TEST_DIR}/ca%{clientno}.cnf", '-batch', '-revoke', "$ENV{MODULE_TEST_DIR}/client%{clientno}.crt", '-keyfile', "$ENV{top_srcdir}raddb/certs/rsa/ca.key", '-cert', "$ENV{top_srcdir}raddb/certs/rsa/ca.pem", '-passin', 'pass:whatever') - %exec('/usr/bin/openssl', 'ca', '-gencrl', '-keyfile', "$ENV{top_srcdir}raddb/certs/rsa/ca.key", '-cert', "$ENV{top_srcdir}raddb/certs/rsa/ca.pem", '-config', "$ENV{MODULE_TEST_DIR}/ca%{clientno}.cnf", '-out', "$ENV{top_srcdir}raddb/certs/rsa/ca-crl.pem", '-key', 'whatever') - %exec('/usr/bin/openssl', 'crl', '-in', "$ENV{top_srcdir}raddb/certs/rsa/ca-crl.pem", '-outform', 'DER', '-out', "$ENV{top_srcdir}raddb/certs/rsa/ca.crl") +} + +# +# Build the CRL +# +build_crl { + %exec('/usr/bin/openssl', 'ca', '-gencrl', '-keyfile', "$ENV{top_srcdir}raddb/certs/rsa/ca.key", '-cert', "$ENV{top_srcdir}raddb/certs/rsa/ca.pem", '-config', "$ENV{MODULE_TEST_DIR}/ca%{clientno}.cnf", '-out', "$ENV{MODULE_TEST_DIR}/ca-crl%{clientno}.pem", '-key', 'whatever') + %exec('/usr/bin/openssl', 'crl', '-in', "$ENV{MODULE_TEST_DIR}/ca-crl%{clientno}.pem", '-outform', 'DER', '-out', "$ENV{MODULE_TEST_DIR}/ca%{clientno}.crl") } # diff --git a/src/tests/modules/crl/reject.unlang b/src/tests/modules/crl/reject.unlang index 54d7b7014b6..1c2fe7b9e30 100644 --- a/src/tests/modules/crl/reject.unlang +++ b/src/tests/modules/crl/reject.unlang @@ -13,6 +13,8 @@ create_client_cert revoke_client_cert +build_crl + read_cert_serial session-state.TLS-Certificate.Serial = %bin(serial) diff --git a/src/tests/modules/crl/reload.unlang b/src/tests/modules/crl/reload.unlang index 709cd23121b..0336ca88156 100644 --- a/src/tests/modules/crl/reload.unlang +++ b/src/tests/modules/crl/reload.unlang @@ -11,6 +11,8 @@ prepare_cnf create_client_cert +build_crl + read_cert_serial session-state.TLS-Certificate.Serial = %bin(serial) @@ -35,6 +37,8 @@ if (!ok) { # revoke_client_cert +build_crl + crl { reject = 1 }