tests: tls_cipherlists should configure testssl.sh to use CA cert (#3037)

This doesn't make any difference to the tests performed here (_partly due to `--preference`_). It would make a difference if performing a test for receiving a grade, which would otherwise fail due to chain of trust not being verifiable for a self-signed certificate (_or a signed certificate without a CA public key to verify against_)
2024-01-19 02:48:50 +00:00 · 2023-01-30 01:40:10 +13:00 · 2023-01-30 01:40:10 +13:00 · 5f94d7b36b
parent 74da0197e5
commit 5f94d7b36b
1 changed files with 5 additions and 4 deletions
--- a/test/tests/parallel/set2/tls/tls_cipherlists.bats
+++ b/test/tests/parallel/set2/tls/tls_cipherlists.bats
@ -94,15 +94,15 @@ function _configure_and_run_dms_container() {
  # The remaining args are dependent upon test case vars:
  CUSTOM_SETUP_ARGUMENTS+=(
    --env TLS_LEVEL="${TLS_LEVEL}"
-    --env SSL_CERT_PATH="/config/ssl/cert.${KEY_TYPE}.pem"
-    --env SSL_KEY_PATH="/config/ssl/key.${KEY_TYPE}.pem"
+    --env SSL_CERT_PATH="/config/ssl/with_ca/ecdsa/cert.${KEY_TYPE}.pem"
+    --env SSL_KEY_PATH="/config/ssl/with_ca/ecdsa/key.${KEY_TYPE}.pem"
  )

  if [[ -n ${ALT_KEY_TYPE} ]]
  then
    CUSTOM_SETUP_ARGUMENTS+=(
-      --env SSL_ALT_CERT_PATH="/config/ssl/cert.${ALT_KEY_TYPE}.pem"
-      --env SSL_ALT_KEY_PATH="/config/ssl/key.${ALT_KEY_TYPE}.pem"
+      --env SSL_ALT_CERT_PATH="/config/ssl/with_ca/ecdsa/cert.${ALT_KEY_TYPE}.pem"
+      --env SSL_ALT_KEY_PATH="/config/ssl/with_ca/ecdsa/key.${ALT_KEY_TYPE}.pem"
    )
  fi

@ -161,6 +161,7 @@ function _collect_cipherlists() {

  # `--user "<uid>:<gid>"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid.
  run docker run --rm \
+    --env ADDTL_CA_FILES="/config/ssl/with_ca/ecdsa/ca-cert.ecdsa.pem" \
    --user "$(id -u):$(id -g)" \
    --network "${TEST_NETWORK}" \
    --volume "${TLS_CONFIG_VOLUME}" \