On 24 June 2015 at 12:06, Matt Rogers <mrog...@0x83.com> wrote: > > In the new certificate tests I made them always launch nic, to use it as the > ocsp and crl server available regardless of the vpn status. So I say we can > make nic flexible with its configuration, and let that handle cert > generation. I always assumed a tester would generate certs on the host > machine (and I just patch the installed pyopenssl files on the host). But I > see the value of it running at the start of a test run. Maybe the first test > in a run can be a dummy test that runs distcerts on nic.
We need to be careful here and not generate new certificates on each test run. If we do that we get into a situation where it isn't possible to consistently re-run tests. I've found that having "check" depend on one of the local cert files and generating everything when it is missing to be simple and robust and one less thing to remember . However, I suspect we're some way off from having that enabled in mainline. Andrew PS: Feel free to fix my mysterious can't create cert/ directory problem :-) _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
