author | Kevin Lin <developer@kevinlin.info> | 2019-09-21 14:25:01 -0700 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2019-09-28 00:37:11 -0700 |
commit | af65dccf86862557568c9d466f2e35451a93954a (patch) | |
tree | 9feb0b085ebb852f9c1cfedd7c5d21936afd3d91 /t/ssl_cert_refresh.t | |
parent | 06d06ff9477780d82ef3a1851525e3bc2aa4280f (diff) | |
Reload CA cert in refresh routine
This change also reloads the CA certificate, if supplied, in addition
to the certificate and private key when the server receives a
`refresh_certs` command.
Diffstat (limited to 't/ssl_cert_refresh.t')
-rw-r--r-- | t/ssl_cert_refresh.t | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/t/ssl_cert_refresh.t b/t/ssl_cert_refresh.t
index 6fdb37a..9a0a25d 100644
--- a/t/ssl_cert_refresh.t
+++ b/t/ssl_cert_refresh.t
@@ -13,14 +13,16 @@ if (!enabled_tls_testing()) {
 exit 0;
 }
+my $ca_cert = "t/" . MemcachedTest::CA_CRT;
 my $cert = "t/". MemcachedTest::SRV_CRT;
 my $key = "t/". MemcachedTest::SRV_KEY;
+my $ca_cert_back = "t/ca_cert_back";
 my $cert_back = "t/cert_back";
 my $key_back = "t/pkey_back";
 my $new_cert_key = "t/server.pem";
 my $default_crt_ou = "OU=Subunit of Test Organization";
-my $server = new_memcached();
+my $server = new_memcached("-o ssl_ca_cert=$ca_cert");
 my $stats = mem_stats($server->sock);
 my $pid = $stats->{pid};
 my $sock = $server->sock;
@@ -32,8 +34,10 @@ $cert_details =~ m/(OU=([^\/\n]*))/;
 is($1, $default_crt_ou, 'Got the default cert');
 # Swap a new certificate with a key
+copy($ca_cert, $ca_cert_back) or die "CA cert backup failed: $!";
 copy($cert, $cert_back) or die "Cert backup failed: $!";
 copy($key, $key_back) or die "Key backup failed: $!";
+copy($new_cert_key, $ca_cert) or die "New CA cert copy failed: $!";
 copy($new_cert_key, $cert) or die "New Cert copy failed: $!";
 copy($new_cert_key, $key) or die "New key copy failed: $!";
@@ -46,7 +50,7 @@ $cert_details = $server->new_sock->dump_peer_certificate();
 $cert_details =~ m/(OU=([^\/]*))/;
 is($1, 'OU=FOR TESTING PURPOSES ONLY','Got the new cert');
 # Old connection should use the previous certificate
-$cert_details =$sock->dump_peer_certificate();
+$cert_details = $sock->dump_peer_certificate();
 $cert_details =~ m/(OU=([^\/\n]*))/;
 is($1, $default_crt_ou, 'Old connection still has the old cert');
@@ -56,6 +60,7 @@ sleep 2;
 $stats = mem_stats($sock);
 # Restore and ensure previous certificate is back for new connections.
+move($ca_cert_back, $ca_cert) or die "CA cert restore failed: $!";
 move($cert_back, $cert) or die "Cert restore failed: $!";
 move($key_back, $key) or die "Key restore failed: $!";
 print $sock "refresh_certs\r\n"; |
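Review bot: Nothing in the visible assertions checks that the CA store actually changes after `refresh_certs`; the first hunk starts the server with `-o ssl_ca_cert=$ca_cert`, but every `is(...)` in the diff still compares only the server certificate's OU. As far as these hunks show, the test would pass even if the refresh routine kept the old CA loaded, which is the case that matters when a reload is meant to stop trusting a retired CA. If the harness can present a client certificate, consider also starting the server with client verification enabled (memcached's `ssl_verify_mode` option) and asserting that a client chaining only to the old CA is refused after the refresh. Failing that, a comment next to the `new_memcached` call such as `# CA file is swapped as well; this only proves refresh succeeds with ssl_ca_cert set` would keep the coverage gap visible.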
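Review bot: The shared CA fixture is overwritten in place by `copy($new_cert_key, $ca_cert)` in the second hunk and is put back only by `move($ca_cert_back, $ca_cert)` in the last hunk, so a `die` or an aborted run in between leaves the CA file replaced with `t/server.pem` for every later TLS test. The cert and key already had this problem, but the CA file is presumably used by more of the suite, so a stale swap could make unrelated tests fail or pass against the wrong trust anchor. An unconditional restore placed after the variable declarations would cover it: `END { move($ca_cert_back, $ca_cert) if -e $ca_cert_back; }`, with the same treatment for `$cert_back` and `$key_back`. The statements between these two hunks are outside the visible diff, so an existing cleanup path there cannot be ruled out.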