diff options
| author | Stefan Eissing <icing@apache.org> | 2024-04-08 13:24:18 +0200 |
|---|---|---|
| committer | Stefan Eissing <icing@apache.org> | 2024-04-08 13:24:18 +0200 |
| commit | 8ffa19a1f7eb03b156e6bdbda65b3d2a2de9dfe8 (patch) | |
| tree | d35722cd2abd68e42eaf9ddcc05cf05e8d57b703 /test/modules/md/md_env.py | |
| parent | Fix occasional pytest failures (diff) | |
| download | apache2-8ffa19a1f7eb03b156e6bdbda65b3d2a2de9dfe8.tar.xz apache2-8ffa19a1f7eb03b156e6bdbda65b3d2a2de9dfe8.zip | |
mod_md: update to v2.4.26
- Using OCSP stapling information to trigger certificate renewals. Proposed
by @frasertweedale.
- Added directive `MDCheckInterval` to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations".
- OCSP stapling: accept OCSP responses without a `nextUpdate` entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale.
- Adapt OpenSSL usage to changes in their API. By Yann Ylavic.
Test Updates
- workarounds for using Pebble v2.5
- disable EAB tests for Pebble since v2.5 no longer
supports HS256 FWT for EAB keys
- some stability improvemnets in error/warning checks
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916861 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'test/modules/md/md_env.py')
| -rwxr-xr-x | test/modules/md/md_env.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/test/modules/md/md_env.py b/test/modules/md/md_env.py index e8e36e5b1b..193651948a 100755 --- a/test/modules/md/md_env.py +++ b/test/modules/md/md_env.py @@ -73,7 +73,11 @@ class MDTestEnv(HttpdTestEnv): @classmethod def has_acme_eab(cls): - return cls.get_acme_server() == 'pebble' + return False + # Pebble, since v2.5.0 no longer supports HS256 for EAB, which + # is the only thing mod_md supports. Issue opened at pebble: + # https://github.com/letsencrypt/pebble/issues/455 + # return cls.get_acme_server() == 'pebble' @classmethod def is_pebble(cls) -> bool: @@ -356,13 +360,14 @@ class MDTestEnv(HttpdTestEnv): MDCertUtil.validate_privkey(self.store_domain_file(domain, 'privkey.pem')) cert = MDCertUtil(self.store_domain_file(domain, 'pubcert.pem')) cert.validate_cert_matches_priv_key(self.store_domain_file(domain, 'privkey.pem')) - # check SANs and CN - assert cert.get_cn() == domain + # No longer check CN, it may not be set or is not trusted anyway + # assert cert.get_cn() == domain, f'CN: expected "{domain}", got {cert.get_cn()}' + # check SANs # compare lists twice in opposite directions: SAN may not respect ordering san_list = list(cert.get_san_list()) assert len(san_list) == len(domains) - assert set(san_list).issubset(domains) - assert set(domains).issubset(san_list) + assert set(san_list).issubset(domains), f'{san_list} not subset of {domains}' + assert set(domains).issubset(san_list), f'{domains} not subset of {san_list}' # check valid dates interval not_before = cert.get_not_before() not_after = cert.get_not_after() |