httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ic...@apache.org
Subject svn commit: r1828719 - in /httpd/test/mod_h2/trunk: Makefile.am conf/sites/test.example.org.conf test/test_ssl.sh
Date Mon, 09 Apr 2018 13:56:31 GMT
Author: icing
Date: Mon Apr  9 13:56:31 2018
New Revision: 1828719

URL: http://svn.apache.org/viewvc?rev=1828719&view=rev
Log:
tweaks for tlsv1.3 testing

Modified:
    httpd/test/mod_h2/trunk/Makefile.am
    httpd/test/mod_h2/trunk/conf/sites/test.example.org.conf
    httpd/test/mod_h2/trunk/test/test_ssl.sh

Modified: httpd/test/mod_h2/trunk/Makefile.am
URL: http://svn.apache.org/viewvc/httpd/test/mod_h2/trunk/Makefile.am?rev=1828719&r1=1828718&r2=1828719&view=diff
==============================================================================
--- httpd/test/mod_h2/trunk/Makefile.am (original)
+++ httpd/test/mod_h2/trunk/Makefile.am Mon Apr  9 13:56:31 2018
@@ -336,6 +336,7 @@ $(SERVER_DIR)/.test-setup: \
 	$(SERVER_DIR)/conf/ssl/test.example.org.pem \
 	$(SERVER_DIR)/conf/ssl/noh2.example.org.key \
 	$(SERVER_DIR)/conf/ssl/noh2.example.org.pem \
+ 	$(SERVER_DIR)/conf/ssl/client1-complete.pem \
 	$(SERVER_DIR)/.testdocs-setup
 	@echo -n setup httpd locally...
 	@mkdir -p $(SERVER_DIR)/bin
@@ -362,7 +363,7 @@ $(SERVER_DIR)/.test-setup: \
 
 $(SERVER_DIR)/conf/ssl/test.example.org.key:
 	@mkdir -p $(SERVER_DIR)/conf/ssl
-	openssl genrsa -out $(SERVER_DIR)/conf/ssl/test.example.org.key 4096
+	openssl genrsa -out $(SERVER_DIR)/conf/ssl/test.example.org.key 2048
 
 $(SERVER_DIR)/conf/ssl/test.example.org.req: \
 		$(SERVER_DIR)/conf/ssl/test.example.org.key \
@@ -383,7 +384,7 @@ $(SERVER_DIR)/conf/ssl/test.example.org.
 
 $(SERVER_DIR)/conf/ssl/noh2.example.org.key:
 	@mkdir -p $(SERVER_DIR)/conf/ssl
-	openssl genrsa -out $(SERVER_DIR)/conf/ssl/noh2.example.org.key 4096
+	openssl genrsa -out $(SERVER_DIR)/conf/ssl/noh2.example.org.key 2048
 
 $(SERVER_DIR)/conf/ssl/noh2.example.org.req: \
 		$(SERVER_DIR)/conf/ssl/noh2.example.org.key \
@@ -402,6 +403,34 @@ $(SERVER_DIR)/conf/ssl/noh2.example.org.
 		-out $(SERVER_DIR)/conf/ssl/noh2.example.org.pem \
         -extfile conf/ssl/extensions.conf -extensions ssl_test
 
+
+$(SERVER_DIR)/conf/ssl/client1.key:
+	@mkdir -p $(SERVER_DIR)/conf/ssl
+	openssl genrsa -out $(SERVER_DIR)/conf/ssl/client1.key 2048
+
+$(SERVER_DIR)/conf/ssl/client1.req: \
+        $(SERVER_DIR)/conf/ssl/client1.key \
+	conf/ssl/client1-template.conf
+	openssl req -new -key $(SERVER_DIR)/conf/ssl/client1.key \
+		-out $(SERVER_DIR)/conf/ssl/client1.req \
+		-config conf/ssl/client1-template.conf
+
+$(SERVER_DIR)/conf/ssl/client1.pem: \
+        $(SERVER_DIR)/conf/ssl/client1.key \
+        $(SERVER_DIR)/conf/ssl/client1.req \
+        conf/ssl/extensions.conf
+	openssl x509 -req -sha256 -days 1095 \
+		-signkey $(SERVER_DIR)/conf/ssl/client1.key \
+		-in $(SERVER_DIR)/conf/ssl/client1.req \
+		-out $(SERVER_DIR)/conf/ssl/client1.pem \
+		-extfile conf/ssl/extensions.conf -extensions ssl_test
+
+$(SERVER_DIR)/conf/ssl/client1-complete.pem: \
+        $(SERVER_DIR)/conf/ssl/client1.key \
+        $(SERVER_DIR)/conf/ssl/client1.pem
+	cat $(SERVER_DIR)/conf/ssl/client1.key $(SERVER_DIR)/conf/ssl/client1.pem >$(SERVER_DIR)/conf/ssl/client1-complete.pem
+ 
+    
 ################################################################################
 # php-fpm configuration
 #

Modified: httpd/test/mod_h2/trunk/conf/sites/test.example.org.conf
URL: http://svn.apache.org/viewvc/httpd/test/mod_h2/trunk/conf/sites/test.example.org.conf?rev=1828719&r1=1828718&r2=1828719&view=diff
==============================================================================
--- httpd/test/mod_h2/trunk/conf/sites/test.example.org.conf (original)
+++ httpd/test/mod_h2/trunk/conf/sites/test.example.org.conf Mon Apr  9 13:56:31 2018
@@ -22,7 +22,8 @@
 
 <Directory "SUBST_SERVER_ROOT_SUBST/htdocs/test.example.org/ssl-client-verify">
     Require all granted
-     SSLVerifyClient require
+    SSLVerifyClient require
+    SSLVerifyDepth 0
 </Directory>
 
 <Directory "SUBST_SERVER_ROOT_SUBST/htdocs/test.example.org/apache.org-files">
@@ -32,6 +33,8 @@
     </IfModule>
 </Directory>
 
+SSLCACertificateFile conf/ssl/client1.pem
+
 <VirtualHost *:SUBST_PORT_HTTPS_SUBST>
 	ServerName test.example.org
     ServerAlias test3.example.org

Modified: httpd/test/mod_h2/trunk/test/test_ssl.sh
URL: http://svn.apache.org/viewvc/httpd/test/mod_h2/trunk/test/test_ssl.sh?rev=1828719&r1=1828718&r2=1828719&view=diff
==============================================================================
--- httpd/test/mod_h2/trunk/test/test_ssl.sh (original)
+++ httpd/test/mod_h2/trunk/test/test_ssl.sh Mon Apr  9 13:56:31 2018
@@ -40,7 +40,9 @@ URL_PREFIX="$URL1"
 # signal fallback to HTTP/1.1
 #
 if min_httpd_version 2.4.18; then
-    nghttp_check_rst_error ssl/renegotiate/cipher "HTTP_1_1_REQUIRED" "nghttp reneg cipher"
+    if test $EXP_HTTPS_SSL_PROTOCOL = 'TLSv1.2'; then
+        nghttp_check_rst_error ssl/renegotiate/cipher "HTTP_1_1_REQUIRED" "nghttp reneg cipher"
+    fi
     nghttp_check_rst_error ssl/renegotiate/verify "HTTP_1_1_REQUIRED" "nghttp reneg verify"
 
 



Mime
View raw message