Extend the 'doth' system test with Strict/Mutual TLS checks

This commit extends the 'doth' system test with a set of Strict/Mutual
TLS related checks.

This commit also makes each doth NS instance use its own TLS
certificate that includes FQDN, IPv4, and IPv6 addresses, issued using
a common Certificate Authority, instead of ad-hoc certs.

Extend the servers' initialisation timeout to 60 seconds to improve
the tests' stability in the CI, as certain configurations could fail
to initialise on time under load.
Artem Boldariev
2022-02-08 19:02:05 +02:00
parent 7b9318bf72
commit cfea9a3aec
45 changed files with 4676 additions and 18 deletions


@@ -0,0 +1,64 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7760573232607207426 (0x6bb3183cdef52002)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:21:43 2022 GMT
Not After : Feb 1 17:21:43 2052 GMT
Subject: CN=srv01.crt02-no-san.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:a3:2d:33:fd:92:90:dc:03:ef:36:f9:a4:a8:90:
f1:47:69:be:e8:8e:65:08:da:e5:b3:82:63:1c:af:
9a:37:b4:75:7c:ce:46:fb:19:17:bc:90:72:4f:74:
b6:45:39:f7:96:b3:44:85:1c:ad:6a:db:a4:76:86:
ee:8e:27:3d:f7:61:78:df:e1:04:8a:eb:91:8b:01:
67:b6:69:32:54:50:1c:56:86:da:2f:ef:e4:3d:94:
ba:f7:5b:02:14:b5:13
ASN1 OID: secp384r1
NIST CURVE: P-384
Signature Algorithm: sha256WithRSAEncryption
07:20:2a:a6:7a:52:52:ba:1e:b7:79:cf:e6:11:9c:ca:3f:43:
2b:f3:d7:2e:74:74:57:81:a1:aa:e6:68:c9:fd:d1:a8:a6:5b:
a2:ff:ea:f7:f0:b7:46:dc:a0:5a:64:5f:ce:e7:0f:76:63:14:
6d:c2:51:4b:30:ea:51:7e:4a:1b:d3:b2:f8:c2:3d:3f:c1:bf:
ad:db:4d:f8:28:31:e7:75:ae:84:37:90:00:e5:0b:6b:dc:23:
98:69:d5:ef:ce:e2:0d:e7:19:f1:31:01:1f:2a:6c:23:a3:94:
62:7a:bf:b3:b0:13:d0:62:fc:a5:a6:0d:52:bb:f4:31:ff:f3:
ce:3a:74:66:30:7f:29:04:8d:34:90:7a:9b:8f:da:82:2e:5c:
81:dd:af:fa:3a:a1:4e:bb:0a:4c:62:01:40:39:67:9c:29:27:
6e:2f:76:81:2d:33:68:ee:ee:ed:00:7f:12:7a:af:43:00:7b:
2d:34:8a:26:9a:66:1c:e5:96:17:7c:f8:6d:1e:8c:17:39:ce:
4f:0b:9e:40:72:e1:5e:33:3f:9e:84:b5:07:f5:ab:58:d7:37:
ed:d0:29:ad:ce:02:0d:fa:6f:96:a9:0e:6c:6e:32:d2:dc:11:
23:a3:4a:60:54:b4:98:31:db:8f:4b:4c:58:64:39:4f:ff:27:
d0:02:e5:cc:b2:17:e8:46:dc:aa:cb:dc:3d:ed:14:52:ec:6d:
a6:cd:04:2f:fd:54:16:6c:7e:63:34:17:f1:1d:b8:37:dd:20:
6c:f6:21:19:6f:bb:62:dd:bc:6c:41:34:ad:b1:90:eb:2a:e0:
63:ea:70:60:6a:02:e8:fe:46:51:b1:9d:3c:54:54:73:25:b7:
41:d1:4c:34:aa:88:48:b8:01:21:ae:d8:d3:06:38:05:65:78:
e7:38:f0:f6:e6:2e:61:c0:42:5e:3b:09:59:eb:09:48:4d:55:
7c:af:f4:de:c1:09:a0:b4:60:f7:9e:a2:d5:46:fc:05:61:69:
e0:c1:2d:26:dc:42
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
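Review bot: The fixture for `Subject: CN=srv01.crt02-no-san.example.com` is an X.509 `Version: 1 (0x0)` certificate, so it lacks every extension, not only subjectAltName. If the check this cert backs is meant to show that Strict TLS hostname verification rejects a certificate without a SAN, a v3 certificate that omits only the SAN would isolate that condition; with a v1 certificate, a failure cannot be attributed to the missing SAN alone. Nothing in the file records that the missing SAN is deliberate or how the certificate was issued from `CN=ca.test.example.com`, so please add a short note next to the fixtures stating each certificate's purpose and the commands or configuration used to generate it. That way the set can be reissued if the CA ever has to change. The 30-year validity (`Not After : Feb 1 17:21:43 2052 GMT`) is reasonable for a test fixture, since it keeps the test from failing on expiry.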