diff options
| author | Stefan Eissing <icing@apache.org> | 2024-04-08 13:24:18 +0200 |
|---|---|---|
| committer | Stefan Eissing <icing@apache.org> | 2024-04-08 13:24:18 +0200 |
| commit | 8ffa19a1f7eb03b156e6bdbda65b3d2a2de9dfe8 (patch) | |
| tree | d35722cd2abd68e42eaf9ddcc05cf05e8d57b703 /test | |
| parent | Fix occasional pytest failures (diff) | |
| download | apache2-8ffa19a1f7eb03b156e6bdbda65b3d2a2de9dfe8.tar.xz apache2-8ffa19a1f7eb03b156e6bdbda65b3d2a2de9dfe8.zip | |
mod_md: update to v2.4.26
- Using OCSP stapling information to trigger certificate renewals. Proposed
by @frasertweedale.
- Added directive `MDCheckInterval` to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations".
- OCSP stapling: accept OCSP responses without a `nextUpdate` entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale.
- Adapt OpenSSL usage to changes in their API. By Yann Ylavic.
Test Updates
- workarounds for using Pebble v2.5
- disable EAB tests for Pebble since v2.5 no longer
supports HS256 FWT for EAB keys
- some stability improvemnets in error/warning checks
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916861 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'test')
| -rwxr-xr-x | test/modules/md/conftest.py | 3 | ||||
| -rwxr-xr-x | test/modules/md/md_cert_util.py | 4 | ||||
| -rwxr-xr-x | test/modules/md/md_env.py | 15 | ||||
| -rw-r--r-- | test/modules/md/test_300_conf_validate.py | 31 | ||||
| -rw-r--r-- | test/modules/md/test_310_conf_store.py | 220 | ||||
| -rw-r--r-- | test/modules/md/test_502_acmev2_drive.py | 10 | ||||
| -rw-r--r-- | test/modules/md/test_602_roundtrip.py | 16 | ||||
| -rw-r--r-- | test/modules/md/test_750_eab.py | 21 |
8 files changed, 53 insertions, 267 deletions
diff --git a/test/modules/md/conftest.py b/test/modules/md/conftest.py index 192cd31a80..0118de5e13 100755 --- a/test/modules/md/conftest.py +++ b/test/modules/md/conftest.py @@ -32,7 +32,8 @@ def env(pytestconfig) -> MDTestEnv: env.setup_httpd() env.apache_access_log_clear() env.httpd_error_log.clear_log() - return env + yield env + env.apache_stop() @pytest.fixture(autouse=True, scope="package") diff --git a/test/modules/md/md_cert_util.py b/test/modules/md/md_cert_util.py index 8cd99aa76f..abcd36b938 100755 --- a/test/modules/md/md_cert_util.py +++ b/test/modules/md/md_cert_util.py @@ -166,10 +166,10 @@ class MDCertUtil(object): def get_san_list(self): text = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_TEXT, self.cert).decode("utf-8") - m = re.search(r"X509v3 Subject Alternative Name:\s*(.*)", text) + m = re.search(r"X509v3 Subject Alternative Name:(\s+critical)?\s*(.*)", text) sans_list = [] if m: - sans_list = m.group(1).split(",") + sans_list = m.group(2).split(",") def _strip_prefix(s): return s.split(":")[1] if s.strip().startswith("DNS:") else s.strip() diff --git a/test/modules/md/md_env.py b/test/modules/md/md_env.py index e8e36e5b1b..193651948a 100755 --- a/test/modules/md/md_env.py +++ b/test/modules/md/md_env.py @@ -73,7 +73,11 @@ class MDTestEnv(HttpdTestEnv): @classmethod def has_acme_eab(cls): - return cls.get_acme_server() == 'pebble' + return False + # Pebble, since v2.5.0 no longer supports HS256 for EAB, which + # is the only thing mod_md supports. Issue opened at pebble: + # https://github.com/letsencrypt/pebble/issues/455 + # return cls.get_acme_server() == 'pebble' @classmethod def is_pebble(cls) -> bool: @@ -356,13 +360,14 @@ class MDTestEnv(HttpdTestEnv): MDCertUtil.validate_privkey(self.store_domain_file(domain, 'privkey.pem')) cert = MDCertUtil(self.store_domain_file(domain, 'pubcert.pem')) cert.validate_cert_matches_priv_key(self.store_domain_file(domain, 'privkey.pem')) - # check SANs and CN - assert cert.get_cn() == domain + # No longer check CN, it may not be set or is not trusted anyway + # assert cert.get_cn() == domain, f'CN: expected "{domain}", got {cert.get_cn()}' + # check SANs # compare lists twice in opposite directions: SAN may not respect ordering san_list = list(cert.get_san_list()) assert len(san_list) == len(domains) - assert set(san_list).issubset(domains) - assert set(domains).issubset(san_list) + assert set(san_list).issubset(domains), f'{san_list} not subset of {domains}' + assert set(domains).issubset(san_list), f'{domains} not subset of {san_list}' # check valid dates interval not_before = cert.get_not_before() not_after = cert.get_not_after() diff --git a/test/modules/md/test_300_conf_validate.py b/test/modules/md/test_300_conf_validate.py index f73bf67999..88df168341 100644 --- a/test/modules/md/test_300_conf_validate.py +++ b/test/modules/md/test_300_conf_validate.py @@ -15,7 +15,8 @@ from .md_env import MDTestEnv class TestConf: @pytest.fixture(autouse=True, scope='class') - def _class_scope(self, env): + def _class_scope(self, env, acme): + acme.start(config='default') env.clear_store() # test case: just one MDomain definition @@ -413,7 +414,7 @@ class TestConf: def test_md_300_026(self, env): assert env.apache_stop() == 0 conf = MDConf(env) - domain = f"t300_026.{env.http_tld}" + domain = f"t300-026.{env.http_tld}" conf.add(f""" MDomain {domain} """) @@ -460,11 +461,12 @@ class TestConf: def test_md_300_028(self, env): assert env.apache_stop() == 0 conf = MDConf(env) - domaina = f"t300_028a.{env.http_tld}" - domainb = f"t300_028b.{env.http_tld}" - dalias = f"t300_028alias.{env.http_tld}" + domaina = f"t300-028a.{env.http_tld}" + domainb = f"t300-028b.{env.http_tld}" + dalias = f"t300-028alias.{env.http_tld}" conf.add_vhost(port=env.http_port, domains=[domaina, domainb, dalias], with_ssl=False) conf.add(f""" + MDMembers manual MDomain {domaina} MDomain {domainb} {dalias} """) @@ -481,23 +483,28 @@ class TestConf: </VirtualHost> """) conf.install() - # This does not work as we have both MDs match domaina's vhost + # This does not work as we have both MDs match domain's vhost assert env.apache_fail() == 0 env.httpd_error_log.ignore_recent( - lognos = [ - "AH10238" # 2 MDs match the same vhost + lognos=[ + "AH10238", # 2 MDs match the same vhost ] ) # It works, if we only match on ServerNames conf.add("MDMatchNames servernames") conf.install() assert env.apache_restart() == 0 + env.httpd_error_log.ignore_recent( + lognos=[ + "AH10040", # ServerAlias not covered + ] + ) # wildcard and specfic MD overlaps def test_md_300_029(self, env): assert env.apache_stop() == 0 conf = MDConf(env) - domain = f"t300_029.{env.http_tld}" + domain = f"t300-029.{env.http_tld}" subdomain = f"sub.{domain}" conf.add_vhost(port=env.http_port, domains=[domain, subdomain], with_ssl=False) conf.add(f""" @@ -531,4 +538,10 @@ class TestConf: conf.add("MDMatchNames servernames") conf.install() assert env.apache_restart() == 0 + time.sleep(2) + assert env.apache_stop() == 0 + # we need dns-01 challenge for the wildcard, which is not configured + env.httpd_error_log.ignore_recent(matches=[ + r'.*None of offered challenge types.*are supported.*' + ]) diff --git a/test/modules/md/test_310_conf_store.py b/test/modules/md/test_310_conf_store.py index d56790bb1f..f2bb9c723a 100644 --- a/test/modules/md/test_310_conf_store.py +++ b/test/modules/md/test_310_conf_store.py @@ -48,11 +48,6 @@ class TestConf: assert env.apache_restart() == 0 for i in range(0, len(dns_lists)): env.check_md(dns_lists[i], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: add managed domains as separate steps def test_md_310_101(self, env): @@ -68,11 +63,6 @@ class TestConf: assert env.apache_restart() == 0 env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) env.check_md(["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: add dns to existing md def test_md_310_102(self, env): @@ -82,11 +72,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: add new md definition with acme url, acme protocol, acme agreement def test_md_310_103(self, env): @@ -102,11 +87,6 @@ class TestConf: env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="http://acme.test.org:4000/directory", protocol="ACME", agreement="http://acme.test.org:4000/terms/v1") - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: add to existing md: acme url, acme protocol def test_md_310_104(self, env): @@ -128,11 +108,6 @@ class TestConf: env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="http://acme.test.org:4000/directory", protocol="ACME", agreement="http://acme.test.org:4000/terms/v1") - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: add new md definition with server admin def test_md_310_105(self, env): @@ -143,11 +118,6 @@ class TestConf: name = "testdomain.org" env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:admin@testdomain.org"]) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: add to existing md: server admin def test_md_310_106(self, env): @@ -159,11 +129,6 @@ class TestConf: assert env.apache_restart() == 0 env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:admin@testdomain.org"]) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: assign separate contact info based on VirtualHost def test_md_310_107(self, env): @@ -196,11 +161,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: default drive mode - auto def test_md_310_109(self, env): @@ -209,11 +169,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: drive mode manual def test_md_310_110(self, env): @@ -223,11 +178,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 0 - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: drive mode auto def test_md_310_111(self, env): @@ -237,11 +187,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: drive mode always def test_md_310_112(self, env): @@ -260,11 +205,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-window'] == '14d' - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: renew window - 10 percent def test_md_310_113b(self, env): @@ -274,12 +214,7 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-window'] == '10%' - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) - + # test case: ca challenge type - http-01 def test_md_310_114(self, env): MDConf(env, text=""" @@ -288,11 +223,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01'] - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: ca challenge type - http-01 def test_md_310_115(self, env): @@ -302,11 +232,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['tls-alpn-01'] - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: ca challenge type - all def test_md_310_116(self, env): @@ -316,11 +241,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01', 'tls-alpn-01'] - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: automatically collect md names from vhost config def test_md_310_117(self, env): @@ -349,11 +269,6 @@ class TestConf: assert env.apache_restart() == 0 stat = env.get_md_status("testdomain.org") assert stat['renew-window'] == '14d' - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: set RSA key length 2048 def test_md_310_119(self, env): @@ -366,11 +281,6 @@ class TestConf: "type": "RSA", "bits": 2048 } - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: set RSA key length 4096 def test_md_310_120(self, env): @@ -383,11 +293,6 @@ class TestConf: "type": "RSA", "bits": 4096 } - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: require HTTPS def test_md_310_121(self, env): @@ -397,12 +302,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['require-https'] == "temporary" - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045", # No VirtualHost matches Managed Domain - "AH10105" # no domain match - ] - ) # test case: require OCSP stapling def test_md_310_122(self, env): @@ -412,11 +311,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['must-staple'] is True - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove managed domain from config def test_md_310_200(self, env): @@ -440,11 +334,6 @@ class TestConf: assert env.apache_restart() == 0 # check: DNS has been removed from md in store env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove primary name from managed domain def test_md_310_202(self, env): @@ -458,11 +347,6 @@ class TestConf: # check: md overwrite previous name and changes name env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], md="testdomain.org", state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove one md, keep another def test_md_310_203(self, env): @@ -479,11 +363,6 @@ class TestConf: # all mds stay in store env.check_md(dns_list1, state=1) env.check_md(dns_list2, state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove ca info from md, should switch over to new defaults def test_md_310_204(self, env): @@ -503,11 +382,6 @@ class TestConf: assert env.apache_restart() == 0 env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="https://acme-v02.api.letsencrypt.org/directory", protocol="ACME") - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove server admin from md def test_md_310_205(self, env): @@ -524,11 +398,6 @@ class TestConf: # check: md stays the same with previous admin info env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:admin@testdomain.org"]) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove renew window from conf -> fallback to default def test_md_310_206(self, env): @@ -544,11 +413,6 @@ class TestConf: assert env.apache_restart() == 0 # check: renew window not set assert env.a2md(["list"]).json['output'][0]['renew-window'] == '33%' - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove drive mode from conf -> fallback to default (auto) @pytest.mark.parametrize("renew_mode,exp_code", [ @@ -569,11 +433,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: remove challenges from conf -> fallback to default (not set) def test_md_310_208(self, env): @@ -589,11 +448,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert 'challenges' not in env.a2md(["list"]).json['output'][0]['ca'] - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: specify RSA key @pytest.mark.parametrize("key_size", ["2048", "4096"]) @@ -610,11 +464,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert "privkey" not in env.a2md(["list"]).json['output'][0] - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: require HTTPS @pytest.mark.parametrize("mode", ["temporary", "permanent"]) @@ -635,12 +484,6 @@ class TestConf: assert env.apache_restart() == 0 assert "require-https" not in env.a2md(["list"]).json['output'][0], \ "HTTPS require still persisted in store. config: {}".format(mode) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045", # No VirtualHost matches Managed Domain - "AH10105", # MDomain does not match any vhost - ] - ) # test case: require OCSP stapling def test_md_310_211(self, env): @@ -656,11 +499,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['must-staple'] is False - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: reorder DNS names in md definition def test_md_310_300(self, env): @@ -673,11 +511,6 @@ class TestConf: assert env.apache_restart() == 0 # check: dns list changes env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: move DNS from one md to another def test_md_310_301(self, env): @@ -693,11 +526,6 @@ class TestConf: assert env.apache_restart() == 0 env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) env.check_md(["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"], state=1) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change ca info def test_md_310_302(self, env): @@ -724,11 +552,6 @@ class TestConf: env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="http://somewhere.com:6666/directory", protocol="ACME", agreement="http://somewhere.com:6666/terms/v1") - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change server admin def test_md_310_303(self, env): @@ -749,11 +572,6 @@ class TestConf: # check: md stays the same with previous admin info env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:webmaster@testdomain.org"]) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change drive mode - manual -> auto -> always def test_md_310_304(self, env): @@ -777,11 +595,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 2 - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change config value for renew window, use various syntax alternatives def test_md_310_305(self, env): @@ -806,11 +619,6 @@ class TestConf: assert env.apache_restart() == 0 md = env.a2md(["list"]).json['output'][0] assert md['renew-window'] == '10%' - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change challenge types - http -> tls-sni -> all def test_md_310_306(self, env): @@ -834,11 +642,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01', 'tls-alpn-01'] - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: RSA key length: 4096 -> 2048 -> 4096 def test_md_310_307(self, env): @@ -869,11 +672,6 @@ class TestConf: "type": "RSA", "bits": 4096 } - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change HTTPS require settings on existing md def test_md_310_308(self, env): @@ -899,12 +697,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['require-https'] == "permanent" - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045", # No VirtualHost matches Managed Domain - "AH10105", # MDomain matches no vhost - ] - ) # test case: change OCSP stapling settings on existing md def test_md_310_309(self, env): @@ -928,11 +720,6 @@ class TestConf: """).install() assert env.apache_restart() == 0 assert env.a2md(["list"]).json['output'][0]['must-staple'] is False - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: change renew window parameter @pytest.mark.parametrize("window", [ @@ -1005,11 +792,6 @@ class TestConf: env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state=1) env.clear_store() env.set_store_dir_default() - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test case: place an unexpected file into the store, check startup survival, see #218 def test_md_310_501(self, env): diff --git a/test/modules/md/test_502_acmev2_drive.py b/test/modules/md/test_502_acmev2_drive.py index a98e4ad97c..eb754f25ef 100644 --- a/test/modules/md/test_502_acmev2_drive.py +++ b/test/modules/md/test_502_acmev2_drive.py @@ -436,11 +436,6 @@ class TestDrivev2: md = env.a2md(["list", name]).json['output'][0] assert md["renew"] == tc["renew"], \ "Expected renew == {} indicator in {}, test case {}".format(tc["renew"], md, tc) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) @pytest.mark.parametrize("key_type,key_params,exp_key_length", [ ("RSA", [2048], 2048), @@ -467,11 +462,6 @@ class TestDrivev2: # check cert key length cert = MDCertUtil(env.store_domain_file(name, 'pubcert.pem')) assert cert.get_key_length() == exp_key_length - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # test_502_203 removed, as ToS agreement is not really checked in ACMEv2 diff --git a/test/modules/md/test_602_roundtrip.py b/test/modules/md/test_602_roundtrip.py index e2e74c7d81..9ff87e5df7 100644 --- a/test/modules/md/test_602_roundtrip.py +++ b/test/modules/md/test_602_roundtrip.py @@ -52,13 +52,9 @@ class TestRoundtripv2: # check: SSL is running OK cert = env.get_cert(domain) assert domain in cert.get_san_list() + # check file system permissions: env.check_file_permissions(domain) - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) def test_md_602_001(self, env): # test case: same as test_600_000, but with two parallel managed domains @@ -97,11 +93,6 @@ class TestRoundtripv2: assert domains_a == cert_a.get_san_list() cert_b = env.get_cert(domain_b) assert domains_b == cert_b.get_san_list() - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) def test_md_602_002(self, env): # test case: one md, that covers two vhosts @@ -143,11 +134,6 @@ class TestRoundtripv2: assert cert_a.same_serial_as(cert_b) assert env.get_content(name_a, "/name.txt") == name_a assert env.get_content(name_b, "/name.txt") == name_b - env.httpd_error_log.ignore_recent( - lognos = [ - "AH10045" # No VirtualHost matches Managed Domain - ] - ) # --------- _utils_ --------- diff --git a/test/modules/md/test_750_eab.py b/test/modules/md/test_750_eab.py index 7d81917829..aec7e89b8c 100644 --- a/test/modules/md/test_750_eab.py +++ b/test/modules/md/test_750_eab.py @@ -82,14 +82,17 @@ class TestEab: assert env.apache_restart() == 0 md = env.await_error(domain) assert md['renewal']['errors'] > 0 - assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized' + assert md['renewal']['last']['problem'] in [ + 'urn:ietf:params:acme:error:unauthorized', + 'urn:ietf:params:acme:error:malformed', + ] # env.httpd_error_log.ignore_recent( lognos = [ "AH10056" # the field 'kid' references a key that is not known to the ACME server ], matches = [ - r'.*urn:ietf:params:acme:error:unauthorized.*' + r'.*urn:ietf:params:acme:error:(unauthorized|malformed).*' ] ) @@ -105,14 +108,17 @@ class TestEab: assert env.apache_restart() == 0 md = env.await_error(domain) assert md['renewal']['errors'] > 0 - assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized' + assert md['renewal']['last']['problem'] in [ + 'urn:ietf:params:acme:error:unauthorized', + 'urn:ietf:params:acme:error:malformed', + ] # env.httpd_error_log.ignore_recent( lognos = [ "AH10056" # the field 'kid' references a key that is not known to the ACME server ], matches = [ - r'.*urn:ietf:params:acme:error:unauthorized.*' + r'.*urn:ietf:params:acme:error:(unauthorized|malformed).*' ] ) @@ -128,14 +134,17 @@ class TestEab: assert env.apache_restart() == 0 md = env.await_error(domain) assert md['renewal']['errors'] > 0 - assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:unauthorized' + assert md['renewal']['last']['problem'] in [ + 'urn:ietf:params:acme:error:unauthorized', + 'urn:ietf:params:acme:error:malformed', + ] # env.httpd_error_log.ignore_recent( lognos = [ "AH10056" # external account binding JWS verification error: square/go-jose: error in cryptographic primitive ], matches = [ - r'.*urn:ietf:params:acme:error:unauthorized.*' + r'.*urn:ietf:params:acme:error:(unauthorized|malformed).*' ] ) |