Check for ca_key_file before loading ca keymp/chef-12091

Checking for csr_file wasn't correct, because that's not what we're using to load the ca key. This also adds an inspec verification to ensure that the generated `openssl_x509_certificate` in the _openssl.rb test is valid. It fails without the supporting change. Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
author: Marc A. Paradise <marc.paradise@gmail.com> 2021-09-27 14:00:45 -0400
committer: Marc A. Paradise <marc.paradise@gmail.com> 2021-09-27 16:04:55 -0400
commit: 7485cf079c8b60e4600a03b03f6ef00cb0d89495 (patch)
tree: ec82a47e23dfe36e15d44f83f59da2cfddf1802a /kitchen-tests
parent: 092b0ea9fb7952b9a09aa13d1e67346a34c97ecd (diff)
download: chef-7485cf079c8b60e4600a03b03f6ef00cb0d89495.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/kitchen-tests/test/integration/end-to-end/_openssl.rb b/kitchen-tests/test/integration/end-to-end/_openssl.rb
new file mode 100644
index 0000000000..c68889f3bb
--- /dev/null
+++ b/kitchen-tests/test/integration/end-to-end/_openssl.rb
@@ -0,0 +1,6 @@
+# Reference recipes/_openssl.rb test to 'generate and sign a certificate with the CA'
+# This ensures that the generated certificate is valid.
+describe command("/opt/chef/embedded/bin/openssl verify -CAfile /etc/ssl_test/my_ca.crt /etc/ssl_test/my_signed_cert.crt") do
+  its("stdout") { should match /my_signed_cert.*OK/ }
+  its("stderr") { should be_empty }
+end
author	Marc A. Paradise <marc.paradise@gmail.com>	2021-09-27 14:00:45 -0400
committer	Marc A. Paradise <marc.paradise@gmail.com>	2021-09-27 16:04:55 -0400
commit	7485cf079c8b60e4600a03b03f6ef00cb0d89495 (patch)
tree	ec82a47e23dfe36e15d44f83f59da2cfddf1802a /kitchen-tests
parent	092b0ea9fb7952b9a09aa13d1e67346a34c97ecd (diff)
download	chef-7485cf079c8b60e4600a03b03f6ef00cb0d89495.tar.gz