Extend the 'doth' system test with Strict/Mutual TLS checks
This commit extends the 'doth' system test with a set of Strict/Mutual TLS related checks. This commit also makes each doth NS instance use its own TLS certificate that includes FQDN, IPv4, and IPv6 addresses, issued using a common Certificate Authority, instead of ad-hoc certs. Extend servers initialisation timeout to 60 seconds to improve the tests stability in the CI as certain configurations could fail to initialise on time under load.
This commit is contained in:
Artem Boldariev
69
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem
Normal file
69
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem
Normal file
@@ -0,0 +1,69 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 7760573232607207429 (0x6bb3183cdef52005)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
||||
Validity
|
||||
Not Before: Feb 8 17:59:14 2022 GMT
|
||||
Not After : Feb 1 17:59:14 2052 GMT
|
||||
Subject: CN=srv04.crt01.example.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
Public-Key: (384 bit)
|
||||
pub:
|
||||
04:9e:43:d7:cc:29:e1:8e:4b:35:a1:8f:b7:8f:30:
|
||||
0f:56:b3:5b:7f:c0:62:9b:23:21:70:b1:2b:e7:73:
|
||||
f9:ea:38:01:66:4b:52:43:31:cf:10:69:15:bf:6b:
|
||||
08:f3:69:07:3f:99:bb:b8:70:d0:3b:89:22:1d:f2:
|
||||
25:42:5a:3e:55:91:c3:fc:b4:be:c7:2d:86:51:14:
|
||||
c4:ab:fe:7c:54:34:67:c7:5e:db:86:84:cc:66:eb:
|
||||
54:af:9d:7d:dc:ce:18
|
||||
ASN1 OID: secp384r1
|
||||
NIST CURVE: P-384
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:srv04.crt01.example.com, IP Address:10.53.0.4, IP Address:FD92:7065:B8E:FFFF:0:0:0:4
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
48:b5:38:59:79:e6:51:a6:ea:80:d7:d1:3c:29:03:70:31:e4:
|
||||
43:b4:e3:09:e7:e1:37:8c:d0:0f:2a:19:7a:f2:5a:6d:76:cd:
|
||||
17:7a:66:1c:3e:74:56:24:b8:29:06:55:b2:1c:af:9a:42:05:
|
||||
93:a4:70:cb:a5:68:85:ab:71:53:da:d9:29:a3:f4:2a:1e:df:
|
||||
0c:ec:7d:52:55:fa:9b:e6:a0:18:d5:4c:da:e6:d2:60:da:bc:
|
||||
09:5b:13:53:6d:c7:d2:30:b9:a8:a5:02:7f:a3:66:28:34:93:
|
||||
de:55:a0:de:b5:c8:dc:43:7b:b9:03:06:1f:ce:8c:5f:82:d8:
|
||||
af:40:56:ce:f8:b9:d4:73:1c:ae:c9:cb:1d:0f:a2:52:71:9b:
|
||||
8b:05:f4:d6:0b:1e:a8:db:0f:29:a0:43:b5:2f:56:09:d8:68:
|
||||
58:9c:e5:6a:df:38:91:56:9d:44:e5:d2:ca:9a:b1:41:a1:01:
|
||||
0c:68:a0:f5:0a:f7:98:4f:d5:a0:6f:99:59:a0:e0:cb:49:57:
|
||||
26:20:09:5a:fa:c2:75:40:f6:1b:6a:ac:55:47:50:8d:38:81:
|
||||
61:79:44:e7:d5:d1:b3:c7:3b:db:ec:44:59:ef:e1:82:31:a3:
|
||||
38:4c:de:40:11:31:52:8b:bb:1c:af:be:ce:c5:2b:f5:0d:c0:
|
||||
60:13:fb:7e:da:22:41:d4:85:5e:4d:ba:db:f8:f7:26:61:32:
|
||||
26:fe:fe:9e:37:a3:cc:25:3b:3c:c8:b5:a7:a5:5c:d9:4d:8f:
|
||||
a8:f2:86:98:79:b3:00:08:0f:f2:c9:1f:c6:3f:07:ad:e4:a7:
|
||||
8d:86:3d:15:fa:5b:1a:0f:96:67:b6:0a:78:0a:bb:6e:05:a6:
|
||||
54:29:48:b4:f9:48:0d:7f:f0:13:65:32:2f:c5:ee:ab:b8:e8:
|
||||
0d:b2:f9:c9:96:d2:cf:51:a2:64:3c:58:0f:65:6f:c6:99:93:
|
||||
76:2c:42:08:d9:f3:f3:13:cd:41:b6:67:8f:1d:9a:2f:da:93:
|
||||
3d:26:4c:9a:11:c1
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDMzCCAZugAwIBAgIIa7MYPN71IAUwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
||||
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
||||
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
||||
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTkxNFoYDzIwNTIwMjAx
|
||||
MTc1OTE0WjAiMSAwHgYDVQQDDBdzcnYwNC5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
|
||||
ByqGSM49AgEGBSuBBAAiA2IABJ5D18wp4Y5LNaGPt48wD1azW3/AYpsjIXCxK+dz
|
||||
+eo4AWZLUkMxzxBpFb9rCPNpBz+Zu7hw0DuJIh3yJUJaPlWRw/y0vscthlEUxKv+
|
||||
fFQ0Z8de24aEzGbrVK+dfdzOGKM+MDwwOgYDVR0RBDMwMYIXc3J2MDQuY3J0MDEu
|
||||
ZXhhbXBsZS5jb22HBAo1AASHEP2ScGULjv//AAAAAAAAAAQwDQYJKoZIhvcNAQEL
|
||||
BQADggGBAEi1OFl55lGm6oDX0TwpA3Ax5EO04wnn4TeM0A8qGXryWm12zRd6Zhw+
|
||||
dFYkuCkGVbIcr5pCBZOkcMulaIWrcVPa2Smj9Coe3wzsfVJV+pvmoBjVTNrm0mDa
|
||||
vAlbE1Ntx9IwuailAn+jZig0k95VoN61yNxDe7kDBh/OjF+C2K9AVs74udRzHK7J
|
||||
yx0PolJxm4sF9NYLHqjbDymgQ7UvVgnYaFic5WrfOJFWnUTl0sqasUGhAQxooPUK
|
||||
95hP1aBvmVmg4MtJVyYgCVr6wnVA9htqrFVHUI04gWF5ROfV0bPHO9vsRFnv4YIx
|
||||
ozhM3kARMVKLuxyvvs7FK/UNwGAT+37aIkHUhV5Nutv49yZhMib+/p43o8wlOzzI
|
||||
taelXNlNj6jyhph5swAID/LJH8Y/B63kp42GPRX6WxoPlme2CngKu24FplQpSLT5
|
||||
SA1/8BNlMi/F7qu46A2y+cmW0s9RomQ8WA9lb8aZk3YsQgjZ8/MTzUG2Z48dmi/a
|
||||
kz0mTJoRwQ==
|
||||
-----END CERTIFICATE-----
|
||||
Reference in New Issue
Block a user