From 7a7b8904ef22212190bb988fab1ef696fe1a59de Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Mon, 14 Jun 2021 15:04:26 -0700 Subject: [PATCH] test/ssl: fix NSS server-side CRL test Make sure the database is created during `make nssfiles`, and expect a revocation failure message. --- src/test/ssl/Makefile | 2 ++ src/test/ssl/t/001_ssltests.pl | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/test/ssl/Makefile b/src/test/ssl/Makefile index 14ca1f8bf3..557cbe223f 100644 --- a/src/test/ssl/Makefile +++ b/src/test/ssl/Makefile @@ -45,6 +45,7 @@ NSSFILES := ssl/nss/client_ca.crt.db \ ssl/nss/client-revoked.crt__client-revoked.key.db \ ssl/nss/server-cn-only.crt__server-password.key.db \ ssl/nss/server-cn-only.crt__server-cn-only.key.db \ + ssl/nss/server-cn-only.crt__server-cn-only.key.crldir.db \ ssl/nss/root.crl \ ssl/nss/server.crl \ ssl/nss/client.crl \ @@ -167,6 +168,7 @@ ssl/nss/server-cn-only.crt__server-cn-only.key.db: ssl/server-cn-only.crt ssl/se pk12util -i ssl/nss/server-cn-only.pfx -d "sql:$@" -W '' ssl/nss/server-cn-only.crt__server-cn-only.key.crldir.db: ssl/nss/server-cn-only.crt__server-cn-only.key.db + cp -R $< $@ for c in $(shell ls ssl/root+client-crldir) ; do \ echo $${c} ; \ openssl crl -in ssl/root+client-crldir/$${c} -outform der -out ssl/nss/$${c} ; \ diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 4105a67b94..aec99e7bf6 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -664,7 +664,7 @@ $node->connect_fails( "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key ssldatabase=ssl/nss/client-revoked.crt__client-revoked.key.db", "certificate authorization fails with revoked client cert with server-side CRL directory", expected_stderr => - qr/SSL error: sslv3 alert certificate revoked|SSL error: Encountered end of file/); + qr/SSL error: sslv3 alert certificate revoked|SSL peer rejected your certificate as revoked/); # clean up -- 2.25.1