(qpid-proton) 03/04: PROTON-2909: Modify tests to use the same ssl certificates

Wed, 03 Dec 2025 09:58:39 -0800 

This is an automated email from the ASF dual-hosted git repository.

astitcher pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit debbe8219c625d04d6760cff8f360b8133f72777
Author: Andrew Stitcher <[email protected]>
AuthorDate: Wed Dec 3 01:21:59 2025 -0500

    PROTON-2909: Modify tests to use the same ssl certificates
    
    With a CMake parameter allowing the location to be selected
---
 c/examples/broker.c           | 41 ++++++++++++++++++++++++++++-------------
 c/tests/CMakeLists.txt        |  7 +++----
 c/tests/proactor_test.cpp     | 38 ++++++++++++++++++++++----------------
 c/tests/ssl_proactor_test.cpp | 26 ++++++++++++++++++--------
 c/tests/test_config.h.in      | 26 --------------------------
 c/tests/tls_test.cpp          | 25 +++++++++++++++++--------
 cpp/examples/testme           |  2 +-
 ruby/CMakeLists.txt           |  1 +
 ruby/examples/broker.rb       |  7 ++++---
 tests/RuntimeCheck.cmake      |  6 +++++-
 tests/examples/CMakeLists.txt |  5 +++--
 11 files changed, 102 insertions(+), 82 deletions(-)

diff --git a/c/examples/broker.c b/c/examples/broker.c
index 6605582de..51eeddc15 100644
--- a/c/examples/broker.c
+++ b/c/examples/broker.c
@@ -32,20 +32,38 @@
 #include <stdlib.h>
 #include <string.h>
 
-/* The ssl-certs subdir must be in the current directory for an ssl-enabled 
broker */
-#define SSL_FILE(NAME) "ssl-certs/" NAME
-#define SSL_PW "tserverpw"
+static char* ssl_file_path(const char *name) {
+  char *env = getenv("SSL_CERT_DIR");
+  const char* cert_dir = env ? env : "ssl-certs";
+  char *r = (char*)malloc(strlen(cert_dir) + strlen(name) + 2);
+  sprintf(r, "%s/%s", cert_dir, name);
+  return r;
+}
+
+#define SSL_FILE(NAME) ssl_file_path(NAME)
+#define SSL_PW(NAME) NAME "pw"
 /* Windows vs. OpenSSL certificates */
 #if defined(_WIN32)
-#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
-#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
-  pn_ssl_domain_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", SSL_PW)
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
+#define SSL_CRED1(NAME) SSL_FILE(NAME "-full.p12")
+#define SSL_CRED2(NAME) strdup(NAME)
 #else
-#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
-#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
-  pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME), SSL_FILE(NAME 
"-private-key.pem"), SSL_PW)
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
+#define SSL_CRED1(NAME) CERTIFICATE(NAME)
+#define SSL_CRED2(NAME) SSL_FILE(NAME "-private-key.pem")
 #endif
 
+static void set_credentials(pn_ssl_domain_t *domain, char *cred1, char *cred2, 
const char *pwd) {
+  int err = pn_ssl_domain_set_credentials(domain, cred1, cred2, pwd);
+  if (err) {
+    printf("Failed to set up server certificate: %s, private key: %s\n", 
cred1, cred2);
+  }
+  free(cred1);
+  free(cred2);
+}
+
+#define SET_CREDENTIALS(DOMAIN, NAME) set_credentials(DOMAIN, SSL_CRED1(NAME), 
SSL_CRED2(NAME), SSL_PW(NAME))
+
 /* Simple re-sizable vector that acts as a queue */
 #define VEC(T) struct { T* data; size_t len, cap; }
 
@@ -457,10 +475,7 @@ int main(int argc, char **argv) {
   b.container_id = argv[0];
   b.threads = 4;
   b.ssl_domain = pn_ssl_domain(PN_SSL_MODE_SERVER);
-  err = SET_CREDENTIALS(b.ssl_domain, "tserver");
-  if (err) {
-    printf("Failed to set up server certificate: %s, private key: %s\n", 
CERTIFICATE("tserver"), SSL_FILE("tserver-private-key.pem"));
-  }
+  SET_CREDENTIALS(b.ssl_domain, "tserver");
   {
   /* Listen on addr */
   char addr[PN_MAX_ADDR];
diff --git a/c/tests/CMakeLists.txt b/c/tests/CMakeLists.txt
index 1dd884834..85eee84cc 100644
--- a/c/tests/CMakeLists.txt
+++ b/c/tests/CMakeLists.txt
@@ -17,12 +17,11 @@
 # under the License.
 #
 
-configure_file(test_config.h.in test_config.h)
-include_directories(${CMAKE_CURRENT_BINARY_DIR} 
${PROJECT_SOURCE_DIR}/tests/include)
+include_directories(${PROJECT_SOURCE_DIR}/tests/include)
 if (WIN32)
-  set(test_env "PATH=$<TARGET_FILE_DIR:qpid-proton-core>")
+  set(test_env 
"PATH=$<TARGET_FILE_DIR:qpid-proton-core>;TEST_CERT_DIR=${TEST_CERT_DIR}")
 else()
-  set(test_env "")
+  set(test_env "TEST_CERT_DIR=${TEST_CERT_DIR}")
   set(platform_test_src ssl_test.cpp)
 endif()
 
diff --git a/c/tests/proactor_test.cpp b/c/tests/proactor_test.cpp
index 98124a9e6..f4c075fb6 100644
--- a/c/tests/proactor_test.cpp
+++ b/c/tests/proactor_test.cpp
@@ -19,7 +19,6 @@
 
 #include "../src/proactor/proactor-internal.h"
 #include "./pn_test_proactor.hpp"
-#include "./test_config.h"
 
 #include <proton/condition.h>
 #include <proton/connection.h>
@@ -35,7 +34,7 @@
 
 #include <string.h>
 
-#include <iostream>
+#include <filesystem>
 
 using namespace pn_test;
 using Catch::Matchers::Contains;
@@ -468,20 +467,6 @@ TEST_CASE("proactor_release_free") {
   pn_connection_free(pn_connection());
 }
 
-#define SSL_FILE(NAME) CMAKE_CURRENT_SOURCE_DIR "/ssl-certs/" NAME
-#define SSL_PW "tserverpw"
-/* Windows vs. OpenSSL certificates */
-#if defined(_WIN32)
-#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
-#define SET_CREDENTIALS(DOMAIN, NAME)                                          
\
-  pn_ssl_domain_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", SSL_PW)
-#else
-#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
-#define SET_CREDENTIALS(DOMAIN, NAME)                                          
\
-  pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME),                     
\
-                                SSL_FILE(NAME "-private-key.pem"), SSL_PW)
-#endif
-
 namespace {
 
 struct ssl_handler : public common_handler {
@@ -516,8 +501,29 @@ struct ssl_handler : public common_handler {
   }
 };
 
+std::string ssl_file_path(const std::string &name) {
+  auto env = getenv("TEST_CERT_DIR");
+  const char* cert_dir = env ? env : "ssl-certs";
+  auto p = std::filesystem::path(cert_dir) / name;
+  return p.string();
+}
 } // namespace
 
+#define SSL_FILE(NAME) ssl_file_path(NAME)
+#define SSL_PW(NAME) NAME "pw"
+/* Windows vs. OpenSSL certificates */
+#if defined(_WIN32)
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12").c_str()
+#define SSL_CRED1(NAME) SSL_FILE(NAME "-full.p12").c_str()
+#define SSL_CRED2(NAME) (NAME)
+#else
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem").c_str()
+#define SSL_CRED1(NAME) CERTIFICATE(NAME)
+#define SSL_CRED2(NAME) SSL_FILE(NAME "-private-key.pem").c_str()
+#endif
+
+#define SET_CREDENTIALS(DOMAIN, NAME) pn_ssl_domain_set_credentials(DOMAIN, 
SSL_CRED1(NAME), SSL_CRED2(NAME), SSL_PW(NAME))
+
 /* Test various SSL connections between proactors*/
 TEST_CASE("proactor_ssl") {
   if (!pn_ssl_present()) {
diff --git a/c/tests/ssl_proactor_test.cpp b/c/tests/ssl_proactor_test.cpp
index 09e3031e7..e9f64051b 100644
--- a/c/tests/ssl_proactor_test.cpp
+++ b/c/tests/ssl_proactor_test.cpp
@@ -37,6 +37,8 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <filesystem>
+
 typedef struct app_data_t {
   const char *amqp_address;
   const char *container_id;
@@ -47,20 +49,28 @@ typedef struct app_data_t {
   bool transport_error;
 } app_data_t;
 
-/* Note must be run in the current directory to find certificate files */
-#define SSL_FILE(NAME) "ssl-certs/" NAME
+static std::string ssl_file_path(const std::string &name) {
+  auto env = getenv("TEST_CERT_DIR");
+  const char* cert_dir = env ? env : "ssl-certs";
+  auto p = std::filesystem::path(cert_dir) / name;
+  return p.string();
+}
+
+#define SSL_FILE(NAME) ssl_file_path(NAME)
 #define SSL_PW(NAME) NAME "pw"
 /* Windows vs. OpenSSL certificates */
 #if defined(_WIN32)
-#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
-#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
-  pn_ssl_domain_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", 
SSL_PW(NAME))
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12").c_str()
+#define SSL_CRED1(NAME) SSL_FILE(NAME "-full.p12").c_str()
+#define SSL_CRED2(NAME) (NAME)
 #else
-#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
-#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
-  pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME), SSL_FILE(NAME 
"-private-key.pem"), SSL_PW(NAME))
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem").c_str()
+#define SSL_CRED1(NAME) CERTIFICATE(NAME)
+#define SSL_CRED2(NAME) SSL_FILE(NAME "-private-key.pem").c_str()
 #endif
 
+#define SET_CREDENTIALS(DOMAIN, NAME) pn_ssl_domain_set_credentials(DOMAIN, 
SSL_CRED1(NAME), SSL_CRED2(NAME), SSL_PW(NAME))
+
 
 /* Returns true to continue, false if finished */
 static bool server_handler(app_data_t* app, pn_event_t* event) {
diff --git a/c/tests/test_config.h.in b/c/tests/test_config.h.in
deleted file mode 100644
index d1d3a1800..000000000
--- a/c/tests/test_config.h.in
+++ /dev/null
@@ -1,26 +0,0 @@
-#ifndef TESTS_TEST_CONFIG_H
-#define TESTS_TEST_CONFIG_H
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/* Make source tree locations available to tests */
-#define CMAKE_CURRENT_SOURCE_DIR "@CMAKE_CURRENT_SOURCE_DIR@"
-
-#endif // TESTS_TEST_CONFIG_H
diff --git a/c/tests/tls_test.cpp b/c/tests/tls_test.cpp
index c735abe44..fab25a2cc 100644
--- a/c/tests/tls_test.cpp
+++ b/c/tests/tls_test.cpp
@@ -30,25 +30,34 @@
 #endif
 
 #include <cstring>
+#include <filesystem>
 
 using namespace pn_test;
 using Catch::Matchers::Contains;
 using Catch::Matchers::Equals;
 
-/* Note must be run in the current directory to find certificate files */
-#define SSL_FILE(NAME) "ssl-certs/" NAME
+static std::string ssl_file_path(const std::string &name) {
+  auto env = getenv("TEST_CERT_DIR");
+  const char* cert_dir = env ? env : "ssl-certs";
+  auto p = std::filesystem::path(cert_dir) / name;
+  return p.string();
+}
+
+#define SSL_FILE(NAME) ssl_file_path(NAME)
 #define SSL_PW(NAME) NAME "pw"
 /* Windows vs. OpenSSL certificates */
 #if defined(_WIN32)
-#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
-#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
-  pn_tls_config_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", 
SSL_PW(NAME))
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12").c_str()
+#define SSL_CRED1(NAME) SSL_FILE(NAME "-full.p12").c_str()
+#define SSL_CRED2(NAME) (NAME)
 #else
-#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
-#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
-  pn_tls_config_set_credentials(DOMAIN, CERTIFICATE(NAME), SSL_FILE(NAME 
"-private-key.pem"), SSL_PW(NAME))
+#define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem").c_str()
+#define SSL_CRED1(NAME) CERTIFICATE(NAME)
+#define SSL_CRED2(NAME) SSL_FILE(NAME "-private-key.pem").c_str()
 #endif
 
+#define SET_CREDENTIALS(DOMAIN, NAME) pn_tls_config_set_credentials(DOMAIN, 
SSL_CRED1(NAME), SSL_CRED2(NAME), SSL_PW(NAME))
+
 static void reset_rbuf(pn_raw_buffer_t *rb) {
   memset(rb, 0, sizeof(*rb));
 }
diff --git a/cpp/examples/testme b/cpp/examples/testme
index 2d470197f..1a4e0a671 100755
--- a/cpp/examples/testme
+++ b/cpp/examples/testme
@@ -185,7 +185,7 @@ class ContainerExampleSSLTest(unittest.TestCase):
 
     def ssl_certs_dir(self):
         """Absolute path to the test SSL certificates"""
-        return os.path.join(dirname(sys.argv[0]), "ssl-certs")
+        return os.getenv('TEST_CERT_DIR') or 
os.path.join(dirname(sys.argv[0]), "ssl-certs")
 
     def test_ssl(self):
         # SSL without SASL, VERIFY_PEER_NAME
diff --git a/ruby/CMakeLists.txt b/ruby/CMakeLists.txt
index 8eafc751b..ac7f72a82 100644
--- a/ruby/CMakeLists.txt
+++ b/ruby/CMakeLists.txt
@@ -101,6 +101,7 @@ execute_process(COMMAND ${RUBY_EXECUTABLE} -r minitest -e ""
 if (result EQUAL 0)  # Have minitest
   set(test_env
     "PATH=${PATH}"
+    "SSL_CERT_DIR=${TEST_CERT_DIR}"
     "RUBYLIB=${RUBYLIB}"
     "${COVERAGE}"
     "COVERAGE_DIR=${PROJECT_BINARY_DIR}/coverage_results/ruby"
diff --git a/ruby/examples/broker.rb b/ruby/examples/broker.rb
index 65e7142f3..9686a22d1 100644
--- a/ruby/examples/broker.rb
+++ b/ruby/examples/broker.rb
@@ -133,11 +133,12 @@ class Broker < Qpid::Proton::Listener::Handler
   def ssl_setup
     # Optional SSL setup
     ssl = Qpid::Proton::SSLDomain.new(Qpid::Proton::SSLDomain::MODE_SERVER)
-    cert_passsword = "tserverpw"
+    cert_password = "tserverpw"
+    cert_dir = ENV['SSL_CERT_DIR'] || 'ssl-certs'
     if Gem.win_platform?       # Use P12 certs for windows schannel
-      ssl.credentials("ssl-certs/tserver-certificate.p12", "", cert_passsword)
+      ssl.credentials(File.join(cert_dir, 'tserver-certificate.p12'), "", 
cert_password)
     else
-      ssl.credentials("ssl-certs/tserver-certificate.pem", 
"ssl-certs/tserver-private-key.pem", cert_passsword)
+      ssl.credentials(File.join(cert_dir, 'tserver-certificate.pem'), 
File.join(cert_dir, 'tserver-private-key.pem'), cert_password)
     end
     ssl.allow_unsecured_client # SSL is optional, this is not secure.
     @connection_options[:ssl_domain] = ssl if ssl
diff --git a/tests/RuntimeCheck.cmake b/tests/RuntimeCheck.cmake
index 09fd0c09a..68e494885 100644
--- a/tests/RuntimeCheck.cmake
+++ b/tests/RuntimeCheck.cmake
@@ -27,7 +27,11 @@
 set(TEST_EXE_PREFIX "" CACHE STRING "Prefix for test executable command line")
 set(TEST_WRAP_PREFIX "" CACHE STRING "Prefix for interpreter tests (e.g. 
python, ruby) that load proton as an extension")
 set(TEST_ENV "" CACHE STRING "Extra environment for tests: 
name1=value1;name2=value2")
-mark_as_advanced(TEST_EXE_PREFIX TEST_WRAP_PREFIX TEST_ENV)
+
+# Set here to group with other TEST_ options
+set(TEST_CERT_DIR "${Proton_SOURCE_DIR}/tests/ssl-certs" CACHE PATH "Directory 
containing test SSL certificates")
+
+mark_as_advanced(FORCE TEST_EXE_PREFIX TEST_WRAP_PREFIX TEST_ENV TEST_CERT_DIR)
 
 # Check for valgrind
 find_program(VALGRIND_EXECUTABLE valgrind DOC "location of valgrind program")
diff --git a/tests/examples/CMakeLists.txt b/tests/examples/CMakeLists.txt
index 11f20ed22..8bdb6360c 100644
--- a/tests/examples/CMakeLists.txt
+++ b/tests/examples/CMakeLists.txt
@@ -31,6 +31,7 @@ endif()
 
 set(c_test_env
   "PATH=${c_test_path}"
+  "SSL_CERT_DIR=${TEST_CERT_DIR}"
   "PYTHONPATH=${Proton_SOURCE_DIR}/tests/py")
 
 pn_add_test(
@@ -50,8 +51,8 @@ if (BUILD_CPP)
 
   set(cpp_test_env
     "PATH=${cpp_test_path}"
-    "PYTHONPATH=${Proton_SOURCE_DIR}/tests/py"
-    "HAS_CPP11=$<$<BOOL:${HAS_ENOUGH_CPP11}>:1>")
+    "TEST_CERT_DIR=${TEST_CERT_DIR}"
+    "PYTHONPATH=${Proton_SOURCE_DIR}/tests/py")
 
   pn_add_test(
     UNWRAPPED


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to