Author: kgiusti
Date: Mon Nov 5 16:28:37 2012
New Revision: 1405865
URL: http://svn.apache.org/viewvc?rev=1405865&view=rev
Log:
NO-JIRA: add SSL test to verify rejection of bad certificate.
Added:
qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem
qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem
Modified:
qpid/proton/trunk/tests/proton_tests/ssl.py
qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt
Modified: qpid/proton/trunk/tests/proton_tests/ssl.py
URL:
http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl.py?rev=1405865&r1=1405864&r2=1405865&view=diff
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl.py (original)
+++ qpid/proton/trunk/tests/proton_tests/ssl.py Mon Nov 5 16:28:37 2012
@@ -209,4 +209,28 @@ class SslTest(common.Test):
server_conn.close()
self._pump()
+ def test_bad_server_certificate(self):
+ """ A server with a self-signed certificate that is not trusted by the
+ client. The client should reject the server.
+ """
+
self.server.set_credentials(self._testpath("bad-server-certificate.pem"),
+
self._testpath("bad-server-private-key.pem"),
+ "server-password")
+ self.server.set_peer_authentication( SSL.ANONYMOUS_PEER )
+
+ self.client.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client.set_peer_authentication( SSL.VERIFY_PEER )
+
+ client_conn = Connection()
+ self.t_client.bind(client_conn)
+ server_conn = Connection()
+ self.t_server.bind(server_conn)
+ client_conn.open()
+ server_conn.open()
+ try:
+ self._pump()
+ assert False, "Client failed to reject bad certificate."
+ except TransportException, e:
+ pass
+
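Review bot: The `except TransportException, e: pass` at the end of test_bad_server_certificate accepts any transport failure raised by `self._pump()`, so the test would presumably also pass if the handshake broke for a reason unrelated to certificate verification; nothing ties the exception to the client's VERIFY_PEER check. It would be stronger to check, after the exception, that the client never saw the connection as opened by the peer, or to inspect the error carried by `e`, which is bound but unused. As a smaller style point, keep only `self._pump()` in the `try` body and move the failure to an else branch: `else: assert False, "Client failed to reject bad certificate."`. A short comment such as `# expected: the server certificate is self-signed and not in ca-certificate.pem, so the client must abort the handshake` would document why the exception is the passing outcome.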
Modified: qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt
URL:
http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt?rev=1405865&r1=1405864&r2=1405865&view=diff
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt (original)
+++ qpid/proton/trunk/tests/proton_tests/ssl_db/README.txt Mon Nov 5 16:28:37
2012
@@ -16,6 +16,7 @@ the CA.
server-private-key.pem - encrypted key used to create server-certificate.pem.
Password is
"server-password"
+bad-server-certificate.pem, bad-server-private-key.pem - a certificate/key
that is not trusted by the client, for negative test.
These certificates have been created using the OpenSSL tool.
@@ -32,4 +33,5 @@ The following commands were used to crea
openssl req -newkey rsa:2048 -keyout client-private-key.pem -passout
pass:client-password -out client-request.pem -subj "/O=Client/CN=127.0.0.1"
openssl x509 -req -in client-request.pem -CA ca-certificate.pem -CAkey
ca-private-key.pem -CAcreateserial -passin pass:ca-password -days 99999 -out
client-certificate.pem
-
+# Create a "bad" certificate - not signed by a trusted authority
+ openssl req -x509 -newkey rsa:2048 -keyout bad-server-private-key.pem
-passout pass:server-password -out bad-server-certificate.pem -days 99999
-subj "/O=Not Trusted, Inc/CN=127.0.0.1"
Added: qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem
URL:
http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem?rev=1405865&view=auto
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem
(added)
+++ qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-certificate.pem Mon
Nov 5 16:28:37 2012
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
Added: qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem
URL:
http://svn.apache.org/viewvc/qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem?rev=1405865&view=auto
==============================================================================
--- qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem
(added)
+++ qpid/proton/trunk/tests/proton_tests/ssl_db/bad-server-private-key.pem Mon
Nov 5 16:28:37 2012
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwerO2Q6JSj4CAggA
+MBQGCCqGSIb3DQMHBAhaNd3+ck6zqASCBMhnZ3Dr0TCjf7wmcf+QvnEDQFUEZmWF
+EL3fBx77qdal+miKU4ArUzgHDZXXR/7P+BnFZ0G7C+RnOBm9qo7xQGnfL/LTowHa
+j6STkmLXXItuIMVkCgST4mztWqia9DikkxREnkwzh3dtzK4AD4xBIC8lQ84Rk1T6
+5ECPFDTbxV6GDWHlxLmfalPAe3M+uYOu7VXmzdMdUAwLKi5HBlxiqtfR26DaBf8l
+OX0zg50xWs/xzTnTSOvNNPD+u8Kys4cH3eL75D9KwVBGzr2eLSSxGTvAUf/+zY19
+DrmNky6lv70tO7WOt3zabv0N6eS1HNsrgsUmOd4Lds+THoA2YEmpzIh6NZ2cTTyH
+AuYNtCRI7CVlfMqZ7uVWxr6bB25rQB7Go6AO/uC3edjzab2DHYGCXqUujmdyjW28
+nDwc287P88xd1b++XsJwkM3XiLX1HPjyC+6aVRADU+tHVa99t91u6IxoGATaljDI
+vLJItirP9jkXLmW7JwEGtjcxs14XZh4TjujdBfeZ+A0b8u2O/90g8no188WkCeP7
+7z9ociuv4eo/fMTYq2iL8cAj1xpMaey4APuoUmhJaO5v+GNUobld+ZpzJwOYsXjC
+wt/Tt2ftd/weAZWrM6VvPnMeEKXLBt38JKd0djanr3HU9z0Fmjhkvnq8lg1NEra7
+1FXlZvr/70kQ5KXLh9P5gucJmZw56RH+PwxfIjEFn/nz7jwYy0YFVLvC/Ay672Pu
+6qqgI3B7mdQNBPC9fh0m0hHMVTQwNh5UC37s/CHyk2YPc50Db4E/kXPOznSTMXuJ
+ILUdL3RleHVtosZrGz3DG/SSGs+r6Xgbr53DWzYTaH9U5t6DTlkoi4Lu5fUBZbRF
+hgl8DrtuQP6UHK/Sn9DGdDSSoZHfY3ZUzc59jjz1U0OPNZnLgbGKaAAA2lOhqxv7
+8eMAO6zj2xZAvZEvR/WkiG8eh8DBI295McnQqzCIBX9j95/U0XidtaFO72QDiVkB
+pAzM1zc20D29b9kBT0TgJKknhbvdarlsr+Q3jK6IqFD/3hAoF1u25iCKIqso50RT
+iCItiME0QB/62om9zCvOOIDV7vCsYW3qnhNdoK1g3vkPP5ySq+uFwuYPVbD66vP+
+HzWw/HTD4TIJ9SVfz5thFOKYsz8Lymc8WFDkBJhBNSfeTJ6UzNLaSEeNsBxjjmyR
+qOwRfSROcl4o9yXVn/A4dJs6CAZMs7f7gRyyyxJyEfZTenepcir1Z8xwKdErjKed
+1qPZw322VWc8w1iLnsyWbvzQlttdNsIGta9cqm717ea7GdfCqLGmGRLsAfnvuBUI
+ncL67+UKomU+Y8qwCcQRFV5Cmo56R3iTw50ZOH6uZ1rr29yhTO8VW5IdpvdTYwmN
+b+LGQ09AKHLkF49F44EBBc5DVP8BouUJQnJd0O542GrieMgpx2LMQqdcNvl9LqdO
+We2SDqhAhwJIXLLA8zn2aZbyFE/GEvvRJtQ4780BV11QTkWz87A/PNnsoBk/nCJt
+6BURBzobDo3InMx1DxZr6aiNSB0iVxy3JEAOk9mGGem4uMDf2LwRiJYWwxBGhz1+
+cXkSb0XeV9NWzg4+gatIrLhhSpFVAK6fwtgdFBdCPiDp6TaaKRysdAAjGPcrc+Lx
+YgE=
+-----END ENCRYPTED PRIVATE KEY-----