On 02/20/13 11:33 AM, Erik Trauschke wrote:
On 02/19/13 03:57 PM, Shawn Walker wrote:
On 01/18/13 14:23, Erik Trauschke wrote:
Hi folks,
this is the addition of SSL client cert support to pkgrecv destinations,
pkgsend and pkgrepo.
The code changes are quite simple, it's the test suite changes which are
more complicated. I created a new TestClass which should make it easy to
test anything which requires client certs in the future.
One thing I noticed is that when reproducing the certs we use for the
signing and https tests, some sysrepo tests fail. Not sure if they use
some hard-coded cert data which wouldn't work anymore.
https://cr.opensolaris.org/action/browse/pkg/erisch/16193298/webrev/
src/pkgrepo.py:
line 1028: extra newline
lines 1503-1506: I don't think we should have the allow-timestamp thing
here, it doens't make sense. I'd just drop the first if condition and
simplify.
src/tests/cli/t_pkgrecv.py:
lines 819-824: missing ' ' after ':'; this goes for all of the other
test files where this was copy/pasted as well
line 847: extra newline
src/tests/cli/t_pkgrepo.py:
line 2228: insert another newline
general comment: I don't see any tests here to see what happens when a
user only specifies a key file and not a cert file, when they don't have
permission to read the key/cert, or when they specify a file that
doesn't exist, or when the file is zero-length. Can you add tests for
those for each command and provide sample error output for each case
from *one* of the commands?
I know that's a non-trivial amount of work, but inevitably, it will trip
us up later.
What do you want to test for? That it fails?
After speaking to Bart I think I know what you were looking for. We just
want to make sure we don't traceback if there are issues with the cert.
I'll go ahead and put that that in. It shouldn't be that complicated.
Erik
_______________________________________________
pkg-discuss mailing list
pkg-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
