Exemplo n.º 1
    def test_500_203(self):
        """Recover from an initially wrong terms-of-service agreement URL.

        The first configuration carries ``MDCertificateAgreement`` set to
        ``TestEnv.ACME_TOS2`` and the manual drive is expected to fail
        (rv 1). The second configuration omits that line; the same drive
        must then succeed and the MD must end up COMPLETE.
        """
        base = self.test_domain
        md_name = "www." + base

        def md_state():
            # state of the MD as reported by `a2md list`
            listing = TestEnv.a2md(["list", md_name])
            return listing['jout']['output'][0]['state']

        # setup: prepare md with invalid TOS url
        broken = HttpdConf()
        broken.add_admin("admin@" + base)
        broken.add_line("MDCertificateAgreement %s" % (TestEnv.ACME_TOS2))
        broken.add_drive_mode("manual")
        broken.add_md([md_name])
        broken.install()
        assert TestEnv.apache_restart() == 0
        assert md_state() == TestEnv.MD_S_INCOMPLETE
        # drive it -> fail after account registration
        first_drive = TestEnv.a2md(["-vv", "drive", md_name])
        assert first_drive['rv'] == 1

        # adjust config: same MD, this time without the agreement line
        fixed = HttpdConf()
        fixed.add_admin("admin@" + base)
        fixed.add_drive_mode("manual")
        fixed.add_md([md_name])
        fixed.install()
        time.sleep(1)
        assert TestEnv.apache_restart() == 0
        assert md_state() == TestEnv.MD_S_INCOMPLETE
        # drive it -> runs OK
        second_drive = TestEnv.a2md(["-vv", "drive", md_name])
        assert second_drive['rv'] == 0
        assert md_state() == TestEnv.MD_S_COMPLETE
Exemplo n.º 2
 def test_200_14(self):
     """Check that LimitRequestFields caps the number of request headers.

     With a limit of 20, a request carrying 21 extra headers must be
     answered with 431. With the limit set to 0, a request carrying 100
     extra headers must be answered with 200.
     """
     def header_opts(count):
         # curl arguments for `count` headers named x0 .. x{count-1}
         return [arg
                 for idx in range(count)
                 for arg in ("-H", "x{0}: 1".format(idx))]

     # finite limit: one header too many is refused
     limited = HttpdConf()
     limited.add_line("""
         LimitRequestFields 20
         """)
     limited.add_vhost_cgi()
     limited.install()
     assert TestEnv.apache_restart() == 0
     url = TestEnv.mkurl("https", "cgi", "/")
     r = TestEnv.curl_get(url, options=header_opts(21))
     assert 431 == r["response"]["status"]
     # Apache treats 0 as "no limit", so this half of the test runs with
     # the header-count protection switched off.
     unlimited = HttpdConf()
     unlimited.add_line("""
         LimitRequestFields 0
         """)
     unlimited.add_vhost_cgi()
     unlimited.install()
     assert TestEnv.apache_restart() == 0
     url = TestEnv.mkurl("https", "cgi", "/")
     r = TestEnv.curl_get(url, options=header_opts(100))
     assert 200 == r["response"]["status"]
Exemplo n.º 3
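 def test_105_02(self):
     """Check that an idle connection is closed by the handshake timeout.

     The server is configured with ``RequestReadTimeout handshake=2``.
     A client that connects to the HTTPS port and sends nothing must see
     the connection closed (empty read) when it waits 2.5 seconds, and
     must run into its own timeout when it waits only 0.5 seconds.

     Raises:
         AssertionError: if the server keeps the idle connection open
             past 2.5 seconds, or answers/closes within 0.5 seconds.
     """
     conf = HttpdConf()
     conf.add_line("""
         Timeout 10
         RequestReadTimeout handshake=2 header=5 body=10
         """)
     conf.add_vhost_cgi()
     conf.install()
     assert TestEnv.apache_restart() == 0
     addr = ('localhost', int(TestEnv.HTTPS_PORT))
     # read with a longer timeout than the server: expect end-of-stream.
     # The `with` block closes the socket even when an assertion fails.
     with socket.create_connection(addr) as sock:
         sock.settimeout(2.5)
         try:
             buff = sock.recv(1024)
         except socket.timeout as ex:
             print(f"server did not close in time: {ex}")
             raise AssertionError(f"server did not close in time: {ex}")
         assert buff == b''
     # read with a shorter timeout than the server: expect our own timeout.
     # Only socket.timeout counts as success. A broad `except Exception`
     # would also catch the AssertionError raised for an early close, so
     # the check could never fail.
     with socket.create_connection(addr) as sock:
         sock.settimeout(0.5)
         try:
             buff = sock.recv(1024)
         except socket.timeout as ex:
             print(f"as expected: {ex}")
         else:
             raise AssertionError(
                 f"connection answered or closed before the handshake timeout: {buff!r}")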
Exemplo n.º 4
 def test_730_003(self):
     """Check that an MD with only one of certificate/key file is refused.

     Two configurations are installed in turn, one with only
     ``MDCertificateFile`` and one with only ``MDCertificateKeyFile``;
     for each, ``TestEnv.apache_fail()`` must return 0.
     """
     # just configuring one file will not work
     base = self.test_domain
     names = [ base, 'www.%s' % base ]
     # NOTE(review): directory name 'test_920_001' does not match this
     # test's number; it looks copied from another test - confirm.
     workdir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
     # cert that is only 10 more days valid
     TestEnv.create_self_signed_cert(names, { "notBefore": -80, "notAfter": 10  },
         serial=730001, path=workdir)
     cert_file = os.path.join(workdir, 'pubcert.pem')
     pkey_file = os.path.join(workdir, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)

     # one half of the pair at a time; neither may be accepted on its own
     lone_directives = (
         "MDCertificateFile %s" % (cert_file),
         "MDCertificateKeyFile %s" % (pkey_file),
     )
     for directive in lone_directives:
         conf = HttpdConf()
         conf.add_admin("*****@*****.**" )
         conf.start_md(names)
         conf.add_line(directive)
         conf.end_md()
         conf.add_vhost(base)
         conf.install()
         assert TestEnv.apache_fail() == 0
Exemplo n.º 5
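 def test_901_011(self):
     """Check the 'expiring' notification for a static cert in the warn window.

     An MD is served from a self-signed certificate created with
     ``notAfter`` 5. After the restart the message command must have
     logged one 'expiring' entry for the domain, and a second restart
     must not add another one.
     """
     # MD with static cert files, lifetime in warn window, check message
     domain = self.test_domain
     domains = [ domain, 'www.%s' % domain ]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
     # short-lived cert: notAfter offset is 5 (presumably days - confirm
     # against create_self_signed_cert)
     TestEnv.create_self_signed_cert(domains, { "notBefore": -85, "notAfter": 5  },
         serial=901011, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**" )
     conf.add_message_cmd( "%s %s" % (self.mcmd, self.mlog) )
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_file(self.mlog)
     expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)
     # read through a context manager so the log handle is closed again
     with open(self.mlog) as fd:
         nlines = fd.readlines()
     assert 1+self.menv_lines == len(nlines)
     assert expected == nlines[0].strip()
     # check that we do not get it resent right away again
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     with open(self.mlog) as fd:
         nlines = fd.readlines()
     assert 1+self.menv_lines == len(nlines)
     assert expected == nlines[0].strip()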
Exemplo n.º 6
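 def test_901_004(self):
     """Check that a forced renewal produces exactly one 'renewed' message.

     The MD is first completed with a plain configuration. It is then
     reconfigured with a message command, ``MDRenewWindow 120d`` and
     ``MDActivationDelay -7d``; after completion the message log must
     hold a single 'renewed' entry for the domain.
     """
     domain = self.test_domain
     domains = [domain, "www." + domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_md(domains)
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # force renew
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_line("MDRenewWindow 120d")
     conf.add_line("MDActivationDelay -7d")
     conf.add_md(domains)
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     time.sleep(3)
     # The result was never inspected; the call itself is kept in case
     # the status request matters to the sequence.
     TestEnv.get_md_status(domain)
     # read through a context manager so the log handle is closed again
     with open(self.mlog) as fd:
         nlines = fd.readlines()
     assert 1 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[0].strip()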
Exemplo n.º 7
 def test_730_001(self):
     """Serve an MD from static certificate/key files and inspect its status.

     The vhost must present the generated certificate (matched by serial
     number) and the MD status must contain 'cert' but no 'renewal'.
     """
     # MD with static cert files, will not be driven
     base = self.test_domain
     names = [ base, 'www.%s' % base ]
     # NOTE(review): directory name 'test_920_001' does not match this
     # test's number - confirm it is intended.
     workdir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
     cert_serial = 730001
     # cert that is only 10 more days valid
     TestEnv.create_self_signed_cert(names, { "notBefore": -80, "notAfter": 10  },
         serial=cert_serial, path=workdir)
     cert_file = os.path.join(workdir, 'pubcert.pem')
     pkey_file = os.path.join(workdir, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**" )
     conf.start_md(names)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(base)
     conf.install()
     assert TestEnv.apache_restart() == 0

     # the domain must serve the certificate generated above
     served = TestEnv.get_cert(base)
     assert ('%X' % cert_serial) == served.get_serial()
     md_status = TestEnv.get_md_status(base)
     assert md_status
     assert 'cert' in md_status
     # NOTE(review): the earlier comment said "renewal is off", yet
     # 'renew' is asserted True; presumably the flag means "due for
     # renewal" while no renewal job exists - confirm.
     assert md_status['renew'] == True
     assert 'renewal' not in md_status
Exemplo n.º 8
 def test_901_010(self):
     """Check that a static cert in the renewal window sends no message.

     The MD is served from self-signed certificate files and a message
     command is configured; after the restart the message log file must
     not exist.
     """
     # MD with static cert files, lifetime in renewal window, no message about renewal
     base = self.test_domain
     names = [base, 'www.%s' % base]
     workdir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
     # validity offsets as passed below: notBefore -70, notAfter 20
     validity = {
         "notBefore": -70,
         "notAfter": 20
     }
     TestEnv.create_self_signed_cert(names, validity,
                                     serial=901010,
                                     path=workdir)
     cert_file = os.path.join(workdir, 'pubcert.pem')
     pkey_file = os.path.join(workdir, 'privkey.pem')
     for pem in (cert_file, pkey_file):
         assert os.path.exists(pem)
     notify_cmd = "%s %s" % (self.mcmd, self.mlog)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd(notify_cmd)
     conf.start_md(names)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(base)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # no notification may have been written
     assert not os.path.isfile(self.mlog)
Exemplo n.º 9
 def test_920_020(self):
     """Check status reporting for an MD with two private key types.

     With ``MDPrivateKeys secp256r1 RSA`` both key types must be listed
     under 'renewal' in the MD status and in the certificate status.
     After activation each must appear under 'cert' with an 'ocsp' entry.
     """
     base = self.test_domain
     key_types = ['rsa', 'secp256r1']
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_line("MDStapling on")
     conf.add_line("MDPrivateKeys secp256r1 RSA")
     conf.add_md([base])
     conf.add_vhost(base)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([base], restart=False)
     # In the stats JSON, we expect 2 certificates under 'renewal'
     md_stat = TestEnv.get_md_status(base)
     assert 'renewal' in md_stat
     assert 'cert' in md_stat['renewal']
     for ktype in key_types:
         assert ktype in md_stat['renewal']['cert']
     # In /.httpd/certificate-status 'renewal' we expect 2 certificates
     cert_status = TestEnv.get_certificate_status(base)
     assert 'renewal' in cert_status
     assert 'cert' in cert_status['renewal']
     for ktype in reversed(key_types):
         assert ktype in cert_status['renewal']['cert']
     # restart and activate
     # once activated, certs are listed in status
     assert TestEnv.apache_restart() == 0
     md_stat = TestEnv.get_md_status(base)
     assert 'cert' in md_stat
     assert 'valid' in md_stat['cert']
     for ktype in key_types:
         active = md_stat['cert']
         assert ktype in active
         assert 'ocsp' in active[ktype]
Exemplo n.º 10
 def test_700_011(self):
     """Check that tls-alpn-01 renewal depends on a usable MDPortMap.

     With port 443 mapped to 99 the MD must not be renewing; with 443
     mapped to ``TestEnv.HTTPS_PORT`` the renewal must complete.
     """
     base = self.test_domain
     names = [base, "www." + base]

     def install_with(port_map_line):
         # one MD and one vhost, tls-alpn-01 only, with the given port map
         conf = HttpdConf()
         conf.add_admin("admin@" + base)
         conf.add_line("Protocols http/1.1 acme-tls/1")
         conf.add_drive_mode("auto")
         conf.add_ca_challenges(["tls-alpn-01"])
         conf._add_line(port_map_line)
         conf.add_md(names)
         conf.add_vhost(names)
         conf.install()

     # map port 443 onto a port where the server does not listen
     install_with("MDPortMap 443:99")
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     assert not TestEnv.is_renewing(base)
     #
     # now the same with a 443 mapped to a supported port
     install_with("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     assert TestEnv.await_completion([base])
Exemplo n.º 11
 def configure_httpd(cls, domain, add_lines=""):
     """Install a config with one MD and one vhost for *domain*.

     Stores *domain* on ``cls.domain``, adds *add_lines* verbatim to the
     configuration and returns *domain*. The server is not restarted here.
     """
     cls.domain = domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + domain)
     # caller-supplied directives go in before the MD and vhost
     httpd_conf.add_line(add_lines)
     httpd_conf.add_md([domain])
     httpd_conf.add_vhost(domain)
     httpd_conf.install()
     return domain
Exemplo n.º 12
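    def test_901_030(self):
        """Check that a failing message command is recorded and later cleared.

        After the MD is complete, a warn window of 100d and a failing
        message command are configured; the staged ``job.json`` must then
        report errors with problem ``AH10109``. Once a working command is
        configured the 'expiring' notification must be logged and the job
        error count must return to 0.

        Raises:
            AssertionError: also when no job error shows up within the
                polling limit.
        """
        domain = self.test_domain
        domains = [domain, "www." + domain]
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.add_md(domains)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        # set the warn window that triggers right away and a failing message command
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.add_message_cmd("%s %s" % (self.mcmdfail, self.mlog))
        conf.add_md(domains)
        conf.add_line("""
            MDWarnWindow 100d
            """)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.get_md_status(domain)
        # this command should have failed and logged an error
        assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
        # Poll with an upper bound so a missing error fails the test
        # instead of hanging the run. The 60s limit is a conservative
        # choice; align it with the suite's other await timeouts.
        deadline = time.monotonic() + 60
        while True:
            with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
                job = json.load(f)
            if job["errors"] > 0:
                assert job["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
                break
            assert time.monotonic() < deadline, "unexpected job result: {0}".format(job)
            time.sleep(0.1)

        # reconfigure to a working notification command and restart
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
        conf.add_md(domains)
        conf.add_line("""
            MDWarnWindow 100d
            """)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_file(self.mlog)
        # we see the notification logged by the command
        with open(self.mlog) as fd:
            nlines = fd.readlines()
        assert 1 == len(nlines)
        assert ("['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
        # the error needs to be gone
        assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
        with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
            job = json.load(f)
        assert job["errors"] == 0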
Exemplo n.º 13
 def test_702_050(self):
     """Check that an MD matching the base server completes with MDBaseServer on."""
     base = self.test_domain
     # base-server directives; the domain is both admin host and ServerName
     server_block = """
         MDBaseServer on
         ServerAdmin admin@%s
         ServerName %s
         """ % (base, base)
     conf = HttpdConf()
     conf.add_line(server_block)
     conf.add_md([base])
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([base])
Exemplo n.º 14
 def set_get_pkeys(self, domain, pkeys, conf=None):
     """Install a config for *domain* and wait until its MD is complete.

     When *conf* is None a configuration is built with an
     ``MDPrivateKeys`` line made of the 'spec' entries of *pkeys*.
     A caller-supplied *conf* is installed as given and *pkeys* is
     not used.
     """
     md_names = [domain]
     if conf is None:
         key_specs = " ".join(entry['spec'] for entry in pkeys)
         conf = HttpdConf()
         conf.add_admin("admin@" + domain)
         conf.add_line("MDPrivateKeys {0}".format(key_specs))
         conf.add_md(md_names)
         conf.add_vhost(md_names)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
Exemplo n.º 15
    def test_710_003(self):
        """Check that an MD follows the default CA URL after an ACMEv1 -> ACMEv2 switch.

        An MD is first obtained with an explicit ``MDCertificateAuthority``
        pointing at the ACMEv1 test URL. The environment is then switched
        to ACMEv2 and the MD is reconfigured without a CA URL; both it and
        a newly added second MD must report ``TestEnv.ACME_URL_DEFAULT``.
        """
        domain = "a-" + self.test_domain
        domainb = "b-" + self.test_domain

        # use ACMEv1 initially
        TestEnv.set_acme('acmev1')
        ca_url = TestEnv.ACME_URL

        domains = [domain, "www." + domain]
        # NOTE(review): the ServerAdmin address in the config text below is
        # masked on this page; the original value is not visible here.
        conf = HttpdConf(local_CA=False,
                         text="""
ServerAdmin [email protected]
MDCertificateAuthority %s
MDCertificateAgreement accepted
MDMembers auto
            """ % (ca_url))
        conf.add_md([domain])
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domains)
        assert TestEnv.await_completion([domain])
        # no errors or warnings expected in the error log (presumably the
        # tuple is (errors, warnings) - confirm against httpd_error_log_count)
        assert (0, 0) == TestEnv.httpd_error_log_count()
        TestEnv.check_md(domains, ca=ca_url)

        # use ACMEv2 now, same MD, no CA url
        TestEnv.set_acme('acmev2')
        # this changes the default CA url
        assert TestEnv.ACME_URL_DEFAULT != ca_url

        conf = HttpdConf(local_CA=False,
                         text="""
ServerAdmin [email protected]
MDCertificateAgreement accepted
MDMembers auto
            """)
        conf.start_md([domain])
        conf.end_md()
        conf.start_md2([domainb])
        # this will get the real Let's Encrypt URL assigned; turn off
        # auto renewal, so the test never contacts the production CA
        conf.add_line("MDRenewMode manual")
        conf.end_md2()
        conf.add_vhost(domains)
        conf.add_vhost(domainb)
        conf.install()

        assert TestEnv.apache_restart() == 0
        assert (0, 0) == TestEnv.httpd_error_log_count()
        # the existing MD was migrated to new CA url
        TestEnv.check_md(domains, ca=TestEnv.ACME_URL_DEFAULT)
        # the new MD got the new default anyway
        TestEnv.check_md([domainb], ca=TestEnv.ACME_URL_DEFAULT)
Exemplo n.º 16
    def test_920_011(self):
        """Check an MD with static certificate files served by the base server.

        The configuration has no standard vhosts; the base server itself
        listens on the HTTPS port with ``MDBaseServer on``. The MD status
        must be COMPLETE, carry no 'renewal' entry and report renew-mode 1.
        """
        # MD with static cert files in base server, see issue #161
        domain = self.test_domain
        domains = [domain, 'www.%s' % domain]
        testpath = os.path.join(TestEnv.GEN_DIR, 'test_920_011')
        # validity offsets as passed below: notBefore -70, notAfter 20
        TestEnv.create_self_signed_cert(domains, {
            "notBefore": -70,
            "notAfter": 20
        },
                                        serial=920011,
                                        path=testpath)
        cert_file = os.path.join(testpath, 'pubcert.pem')
        pkey_file = os.path.join(testpath, 'privkey.pem')
        assert os.path.exists(cert_file)
        assert os.path.exists(pkey_file)
        # NOTE(review): this first HttpdConf() is overwritten on the next
        # statement; it looks redundant unless the constructor has side
        # effects - confirm before removing.
        conf = HttpdConf()
        # The config text exposes /server-status and /md-status without any
        # access restriction. That suits this local test server; a real
        # deployment would limit who can reach these handlers.
        # NOTE(review): the ServerAdmin address in the text is masked on
        # this page; the original value is not visible here.
        conf = HttpdConf(std_vhosts=False,
                         text=f"""
LogLevel md:trace2
LogLevel ssl:debug
                
MDPortMap http:- https:{TestEnv.HTTPS_PORT}

Listen {TestEnv.HTTPS_PORT}
ServerAdmin [email protected]
ServerName {domain}
SSLEngine on
Protocols h2 http/1.1 acme-tls/1

MDBaseServer on

<Location "/server-status">
    SetHandler server-status
</Location>
<Location "/md-status">
    SetHandler md-status
</Location>
            """)
        conf.start_md(domains)
        conf.add_line(f"MDCertificateFile {cert_file}")
        conf.add_line(f"MDCertificateKeyFile {pkey_file}")
        conf.end_md()
        conf.install()
        # NOTE(review): this overwrites a TestEnv class attribute and never
        # restores it, so later tests in the same run see the SSL check URL.
        TestEnv.HTTPD_CHECK_URL = TestEnv.HTTPD_URL_SSL
        assert TestEnv.apache_restart() == 0
        status = TestEnv.get_md_status(domain)
        assert status
        # static files: no renewal job is expected for this MD
        assert not 'renewal' in status
        print(status)
        assert status['state'] == TestEnv.MD_S_COMPLETE
        assert status['renew-mode'] == 1  # manual
Exemplo n.º 17
 def test_702_051(self):
     """Check that a base-server MD ends in error when ``MDPortMap http:-`` is set."""
     base = self.test_domain
     # base server with the http port mapping removed
     server_block = """
         MDBaseServer on
         MDPortMap http:-
         ServerAdmin admin@%s
         ServerName %s
         """ % (base, base)
     conf = HttpdConf()
     conf.add_line(server_block)
     conf.add_md([base])
     conf.install()
     assert TestEnv.apache_restart() == 0
     # the MD is expected to report an error rather than complete
     assert TestEnv.await_error(base)
Exemplo n.º 18
 def test_920_003(self):
     """Check that ``MDCertificateStatus off`` yields no certificate status."""
     base = self.test_domain
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_md([base])
     conf.add_line("MDCertificateStatus off")
     conf.add_vhost(base)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([base], restart=False)
     # with the status resource switched off nothing must come back
     cert_status = TestEnv.get_certificate_status(base)
     assert not cert_status
Exemplo n.º 19
 def test_801_010(self):
     """Check that the server status is available with stapling on and an empty OCSP store."""
     assert TestEnv.apache_stop() == 0
     # start from a clean OCSP store
     TestEnv.clear_ocsp_store()
     md_name = TestStapling.mdA
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md([md_name])
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.install()
     assert TestEnv.apache_restart() == 0
     server_stat = TestEnv.get_server_status()
     assert server_stat
Exemplo n.º 20
 def test_920_004(self):
     """Check the overall MD status listing for a single managed domain.

     Queried with an empty domain name, the status must contain
     'version' and a 'managed-domains' list with exactly one entry.
     """
     base = self.test_domain
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_md([base])
     conf.add_line("MDCertificateStatus off")
     conf.add_vhost(base)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([base])
     overview = TestEnv.get_md_status("")
     for key in ("version", "managed-domains"):
         assert key in overview
     assert 1 == len(overview["managed-domains"])
Exemplo n.º 21
 def test_810_004(self):
     """Check that requesting a secp192r1 key ends in an ACME 'malformed' error.

     The MD is configured with ``MDPrivateKeys secp192r1``; the renewal
     must record at least one error whose last problem is
     ``urn:ietf:params:acme:error:malformed``.
     """
     base = self.test_domain
     # generate config with one MD
     md_names = [base]
     conf = HttpdConf()
     conf.add_admin("admin@" + base)
     conf.add_line("MDPrivateKeys secp192r1")
     conf.add_md(md_names)
     conf.add_vhost(md_names)
     conf.install()
     assert TestEnv.apache_restart() == 0
     md = TestEnv.await_error(base)
     assert md
     renewal = md['renewal']
     assert renewal['errors'] > 0
     # the key type must be refused, not silently accepted
     assert renewal['last']['problem'] == 'urn:ietf:params:acme:error:malformed'
Exemplo n.º 22
 def configure_httpd(cls, domains=None, add_lines="", ssl_stapling=False):
     """Build (but do not install) a config with one MD and vhost per domain.

     *domains* may be a list, a single name or a false value (no MDs).
     With *ssl_stapling* set, the mod_ssl stapling directives are added
     before *add_lines*. Returns the HttpdConf object.
     """
     if isinstance(domains, list):
         md_names = domains
     elif domains:
         md_names = [domains]
     else:
         md_names = []
     conf = HttpdConf()
     conf.add_admin("admin@" + cls.domain)
     if ssl_stapling:
         conf.add_line("""
             LogLevel ssl:trace2
             SSLUseStapling On
             SSLStaplingCache \"shmcb:logs/ssl_stapling(32768)\"
             """)
     # caller-supplied directives come after the optional stapling block
     conf.add_line(add_lines)
     for name in md_names:
         conf.add_md([name])
         conf.add_vhost(name)
     return conf
Exemplo n.º 23
 def test_702_052(self):
     """Check that a base-server MD completes via acme-tls/1 without the http port.

     The base server runs with ``SSLEngine on`` and the acme-tls/1
     protocol; the MD status must list the domain under that protocol
     and the MD must complete.
     """
     base = self.test_domain
     server_block = """
         MDBaseServer on
         MDPortMap http:-
         Protocols h2 http/1.1 acme-tls/1
         ServerAdmin admin@%s
         ServerName %s
         SSLEngine on
         """ % (base, base)
     conf = HttpdConf()
     conf.add_line(server_block)
     conf.add_md([base])
     conf.install()
     assert TestEnv.apache_restart() == 0
     md_stat = TestEnv.get_md_status(base)
     # acme-tls/1 must be offered for exactly this domain
     assert md_stat["proto"]["acme-tls/1"] == [base]
     assert TestEnv.await_completion([base])
Exemplo n.º 24
 def test_310_501(self):
     """Check that the server restarts with a stray file in the store's domains area.

     After the MD is complete, a plain file named ``wrong.com`` is
     written into ``TestEnv.store_domains()`` and the server must still
     restart cleanly.
     """
     # setup: create complete md in store
     base = self.test_domain
     conf = HttpdConf()
     conf.add_admin("admin@" + base)
     conf.start_md([base])
     conf.end_md()
     conf.add_vhost(base)
     conf.add_line('LogLevel md:trace1')
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([base])
     # add a file at top level, where only per-domain entries are expected
     stray_path = os.path.join(TestEnv.store_domains(), "wrong.com")
     with open(stray_path, 'w') as stray:
         stray.write("this does not belong here\n")
     assert TestEnv.apache_restart() == 0
Exemplo n.º 25
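 def test_901_020(self):
     """Check the notifications sent for a renewal with stapling enabled.

     With ``MDStapling on`` and a message command configured, the
     message log must hold exactly two entries for the domain:
     'renewed' followed by 'ocsp-renewed'.
     """
     domain = self.test_domain
     domains = [ domain ]
     conf = HttpdConf()
     conf.add_admin( "*****@*****.**" )
     conf.add_message_cmd( "%s %s" % (self.mcmd, self.mlog) )
     conf.add_drive_mode( "auto" )
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion( [ domain ] )
     # wait for the OCSP status; the returned value itself is not inspected
     TestEnv.await_ocsp_status(domain)
     assert os.path.isfile(self.mlog)
     # read through a context manager so the log handle is closed again
     with open(self.mlog) as fd:
         nlines = fd.readlines()
     assert 2 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
     assert ("['%s', '%s', 'ocsp-renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[1].strip()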
Exemplo n.º 26
 def test_105_03(self):
     """Check that a slow CGI request succeeds under a 1s handshake timeout.

     The form post passes ``wait1=1.5`` to ``/necho.py`` (presumably a
     delay in seconds - confirm against the script) and must still be
     answered with 200.
     """
     conf = HttpdConf()
     conf.add_line("""
         Timeout 10
         RequestReadTimeout handshake=1 header=5 body=10
         """)
     conf.add_vhost_cgi()
     conf.install()
     assert TestEnv.apache_restart() == 0
     url = TestEnv.mkurl("https", "cgi", "/necho.py")
     form_fields = [
         ("count=%d" % (100)),
         ("text=%s" % ("abcdefghijklmnopqrstuvwxyz")),
         ("wait1=%f" % (1.5)),
     ]
     # verbose curl, one -F per form field
     curl_args = ["-vvv"]
     for field in form_fields:
         curl_args += ["-F", field]
     r = TestEnv.curl_get(url, 5, curl_args)
     assert 200 == r["response"]["status"]
Exemplo n.º 27
 def test_702_040(self):
     """Check a tls-alpn-01 renewal for an MD with two names.

     acme-tls/1 must be reported for all names of the MD, the MD must
     complete, and the served certificate must list the domain in its
     SAN entries.
     """
     base = self.test_domain
     names = [base, "www." + base]
     #
     # generate 1 MD and 1 vhost
     conf = HttpdConf()
     conf.add_admin("admin@" + base)
     for directive in ("LogLevel core:debug",
                       "LogLevel ssl:debug",
                       "Protocols http/1.1 acme-tls/1"):
         conf.add_line(directive)
     conf.add_drive_mode("auto")
     conf.add_ca_challenges(["tls-alpn-01"])
     conf.add_md(names)
     conf.add_vhost(names)
     conf.install()
     #
     # restart (-> drive), check that MD was synched and completes
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     # check that acme-tls/1 is available for all domains
     md_stat = TestEnv.get_md_status(base)
     assert md_stat["proto"]["acme-tls/1"] == names
     assert TestEnv.await_completion([base])
     TestEnv.check_md_complete(base)
     #
     # check SSL running OK
     served = TestEnv.get_cert(base)
     assert base in served.get_san_list()
Exemplo n.º 28
 def test_801_009(self):
     """Check the OCSP status of a self-signed static cert with stapling on.

     For an MD served from self-signed certificate files, the OCSP
     status must read "no response sent".
     """
     assert TestEnv.apache_stop() == 0
     md_name = TestStapling.mdA
     md_names = [md_name]
     workdir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # cert that is 30 more days valid
     validity = {
         "notBefore": -60,
         "notAfter": 30
     }
     TestEnv.create_self_signed_cert(md_names, validity,
                                     serial=801009,
                                     path=workdir)
     cert_file = os.path.join(workdir, 'pubcert.pem')
     pkey_file = os.path.join(workdir, 'privkey.pem')
     for pem in (cert_file, pkey_file):
         assert os.path.exists(pem)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(md_names)
     conf.add_line("MDCertificateFile %s" % cert_file)
     conf.add_line("MDCertificateKeyFile %s" % pkey_file)
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.add_vhost(md_name)
     conf.install()
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     ocsp_stat = TestEnv.get_ocsp_status(md_name)
     assert ocsp_stat['ocsp'] == "no response sent"
Exemplo n.º 29
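 def test_901_020(self):
     """Check the notifications sent for a renewal with stapling enabled.

     The message log must hold three records for the domain, in order
     'renewed', 'installed' and 'ocsp-renewed'. Each record occupies
     ``1 + self.menv_lines`` lines of the log.
     """
     domain = self.test_domain
     domains = [ domain ]
     conf = HttpdConf()
     conf.add_admin( "*****@*****.**" )
     conf.add_message_cmd( "%s %s" % (self.mcmd, self.mlog) )
     conf.add_drive_mode( "auto" )
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion( [ domain ] )
     # wait for the OCSP status; the returned value itself is not inspected
     TestEnv.await_ocsp_status(domain)
     assert TestEnv.await_file(self.mlog)
     # read through a context manager so the log handle is closed again
     with open(self.mlog) as fd:
         nlines = fd.readlines()
     # since v2.1.10, the 'installed' message is second in log
     lc = 1+self.menv_lines
     assert 3*lc == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0*lc].strip()
     assert ("['%s', '%s', 'installed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[1*lc].strip()
     assert ("['%s', '%s', 'ocsp-renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[2*lc].strip()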
Exemplo n.º 30
 def test_700_004(self, challengeType):
     """Check an automatic renewal restricted to one ACME challenge type.

     *challengeType* is passed to ``add_ca_challenges`` as the only
     allowed challenge. The MD must complete and the served certificate
     must list the domain in its SAN entries.
     """
     # generate 1 MD and 1 vhost
     base = self.test_domain
     names = [base, "www." + base]
     allowed_challenges = [challengeType]
     conf = HttpdConf()
     conf.add_admin("admin@" + base)
     conf.add_line("Protocols http/1.1 acme-tls/1")
     conf.add_drive_mode("auto")
     conf.add_ca_challenges(allowed_challenges)
     conf.add_md(names)
     conf.add_vhost(names)
     conf.install()
     #
     # restart (-> drive), check that MD was synched and completes
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     assert TestEnv.await_completion([base])
     TestEnv.check_md_complete(base)
     #
     # check SSL running OK
     served = TestEnv.get_cert(base)
     assert base in served.get_san_list()