tests: tls_cipherlists should configure testssl.sh to use CA cert (#3037)

This doesn't make any difference to the tests performed here (_partly due to `--preference`_).

It would make a difference if performing a test for receiving a grade, which would otherwise fail due to chain of trust not being verifiable for a self-signed certificate (_or a signed certificate without a CA public key to verify against_)
This commit is contained in:
Brennan Kinney 2023-01-30 01:40:10 +13:00 committed by GitHub
parent 74da0197e5
commit 5f94d7b36b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -94,15 +94,15 @@ function _configure_and_run_dms_container() {
# The remaining args are dependent upon test case vars:
CUSTOM_SETUP_ARGUMENTS+=(
--env TLS_LEVEL="${TLS_LEVEL}"
--env SSL_CERT_PATH="/config/ssl/cert.${KEY_TYPE}.pem"
--env SSL_KEY_PATH="/config/ssl/key.${KEY_TYPE}.pem"
--env SSL_CERT_PATH="/config/ssl/with_ca/ecdsa/cert.${KEY_TYPE}.pem"
--env SSL_KEY_PATH="/config/ssl/with_ca/ecdsa/key.${KEY_TYPE}.pem"
)
if [[ -n ${ALT_KEY_TYPE} ]]
then
CUSTOM_SETUP_ARGUMENTS+=(
--env SSL_ALT_CERT_PATH="/config/ssl/cert.${ALT_KEY_TYPE}.pem"
--env SSL_ALT_KEY_PATH="/config/ssl/key.${ALT_KEY_TYPE}.pem"
--env SSL_ALT_CERT_PATH="/config/ssl/with_ca/ecdsa/cert.${ALT_KEY_TYPE}.pem"
--env SSL_ALT_KEY_PATH="/config/ssl/with_ca/ecdsa/key.${ALT_KEY_TYPE}.pem"
)
fi
@ -161,6 +161,7 @@ function _collect_cipherlists() {
# `--user "<uid>:<gid>"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid.
run docker run --rm \
--env ADDTL_CA_FILES="/config/ssl/with_ca/ecdsa/ca-cert.ecdsa.pem" \
--user "$(id -u):$(id -g)" \
--network "${TEST_NETWORK}" \
--volume "${TLS_CONFIG_VOLUME}" \