diff options
| author | John McCrae <john.mccrae@progress.com> | 2023-05-01 07:53:05 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-01 07:53:05 -0700 |
| commit | 668cd60b3f903b13efec2fc0520a6433bb154443 (patch) | |
| tree | efa95b263d934ba77a3597fd708e2d255c9ca3d2 | |
| parent | b7eb3f0168025a81432b0b4f975372daac19de65 (diff) | |
| parent | e79348a381ac53ab716c8d3dc3ac632aeed4060f (diff) | |
| download | chef-668cd60b3f903b13efec2fc0520a6433bb154443.tar.gz | |
Merge pull request #13726 from chef/jfm/chef17_kitchen_part2
[chef-17] 18 of X - Refactoring the badssl.com code
| -rw-r--r-- | cspell.json | 1 | ||||
| -rw-r--r-- | kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb | 43 |
2 files changed, 15 insertions, 29 deletions
diff --git a/cspell.json b/cspell.json index 5d9170773f..5d6a7882e8 100644 --- a/cspell.json +++ b/cspell.json @@ -1209,6 +1209,7 @@ "someuser", "sourceline", "spawninstance", + "showcerts", "specdoc", "splunkserviceapi", "srand", diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb index ecd5ef7aea..28d6f4a882 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb @@ -1,33 +1,18 @@ +# First grab the cert. While this wouldn't ordinarily be secure, this isn't +# trying to secure something, we simply want to make sure that if we +# have said a certificate is trusted, it will be trusted. So lets grab it, trust +# it, and then try to use it. + +# First, grab it +out = Mixlib::ShellOut.new( + %w{openssl s_client -showcerts -connect self-signed.badssl.com:443} +).run_command.stdout + +cert = Mixlib::ShellOut.new(%w{openssl x509}, input: out).run_command.stdout + +# Second trust it chef_client_trusted_certificate "self-signed.badssl.com" do - certificate <<~CERT ------BEGIN CERTIFICATE----- -MIIEnTCCAoWgAwIBAgIJAI7EiWecd+VOMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp -c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMTAvBgNVBAMMKEJhZFNTTCBDbGllbnQgUm9v -dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjMwNDI0MDAwMTQ0WhcNMjUwNDIz -MDAwMTQ0WjBvMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG -A1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGQmFkU1NMMSIwIAYDVQQDDBlC -YWRTU0wgQ2xpZW50IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxzdfEeseTs/rukjly6MSLHM+Rh0enA3Ai4Mj2sdl31x3SbPoen08 -utVhjPmlxIUdkiMG4+ffe7N+JtDLG75CaxZp9CxytX7kywooRBJsRnQhmQPca8MR -WAJBIz+w/L+3AFkTIqWBfyT+1VO8TVKPkEpGdLDovZOmzZAASi9/sj+j6gM7AaCi -DeZTf2ES66abA5pOp60Q6OEdwg/vCUJfarhKDpi9tj3P6qToy9Y4DiBUhOct4MG8 -w5XwmKAC+Vfm8tb7tMiUoU0yvKKOcL6YXBXxB2kPcOYxYNobXavfVBEdwSrjQ7i/ -s3o6hkGQlm9F7JPEuVgbl/Jdwa64OYIqjQIDAQABoy0wKzAJBgNVHRMEAjAAMBEG -CWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIB -ACa+9LOj2+z3iKIxJDoKxwPu0oUjQCHI2Gj7Kk5pdh7r1Lc8R9gusKbkMNjuRXmq -S1XI516A4iccw5riZXLSo/tiVJGyQySbXmtKbvRfIHCQ9NttZc8fPXf2Y85k1h/B -nGxzmNI+iEBi1FJ55W9dNC6EBXb2DTj8e2+FwRrH7B4yfcLWXhj2mufoZasiSjtY -LRKIh8NPH9FdJp9kWeRIEtm7dFBBfRGrPdB8QuBq00n3YYBU/aIegHUPYAVxcXdE -CTVIAPtkvyh7XzB9h4/3Sc9pL6z8vmNR1DCzM2X3ojkFFEgTjHR5vpMyIWWE49y5 -FMU9yHQD14P9URTtAaeESmw46/+2SbQisNkl7lhxzKRf5Wlza2QMS28G9FY4tEsv -l/aM+rW8FXkP7uWDY0TPOlR9LQoz4oqWYuZCwD9Q4PcCWqR1CfQ74Geo4j7OFqJj -XkVN10jurG9m1xG7rqOVmNRFoVhgDlFeao+5LySXG+rJl//0FVKHoR9VeX/52nhs -OPTL5EbpWvDmIoBGus7jHE04YSOMAJ7/9H88EjH5Qusf+c1MlUXbDGkcub5NG8S6 -eyoz/w+I2xeAmd5llIj5hA34W1YHkT5mHNa4ekJCvLHxyaNrCACd0mzizSKOBxcw -Ea8zQ5JbgtfAfJ5Arikxey3B3qFtHxkJ7rgSIH4+kohL ------END CERTIFICATE----- - CERT + certificate cert end # see if we can fetch from our new trusted domain |