root1.create_signed_cert('client1')
    # Second client identity issued by the same root as 'client1'. It is the
    # replacement keystore for the reload step below, so the rotated cert still
    # chains to the CA that the TlsServer/TlsClient helpers are given ('root1').
    root1.create_signed_cert('new_client1')

    # Independent second CA with its own server/client certs.
    # NOTE(review): nothing in the visible part of this test uses root2's certs;
    # presumably they are used elsewhere or are leftover setup. Confirm.
    root2 = RootCert('new_root')
    root2.create_signed_cert('server2')
    root2.create_signed_cert('client2')

    # Start ghostunnel in client mode: listen on LOCALHOST:13004, forward to
    # LOCALHOST:13005 using client1.p12 as the client keystore and root1.crt as
    # the trusted CA, with the status endpoint on STATUS_PORT.
    # The command is passed as an argument list, so no shell is involved.
    # NOTE(review): process cleanup is not visible in this part of the file;
    # presumably handled by the enclosing block. Confirm.
    ghostunnel = Popen(['../ghostunnel', 'client', '--listen={0}:13004'.format(LOCALHOST),
      '--target={0}:13005'.format(LOCALHOST), '--keystore=client1.p12',
      '--cacert=root1.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)])

    # Baseline before the reload: a plain TCP client talks to the tunnel's
    # listen port and a TLS backend (cert 'server1', CA 'root1') sits on the
    # target port.
    # presumably validate_client_cert checks the certificate the TLS backend
    # received from ghostunnel (the message mentions ou=client1). Verify
    # against the SocketPair helper.
    pair1 = SocketPair(TcpClient(13004), TlsServer('server1', 'root1', 13005))
    pair1.validate_can_send_from_client("toto", "pair1 works")
    pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...")

    # The status port should present the same certificate as the tunnel.
    # presumably None means "no client certificate" and 20 is a retry/attempt
    # budget. Confirm against TlsClient.connect.
    TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1')
    print_ok("got client1 on /_status")

    # Rotate the keystore in place, then ask ghostunnel to reload via SIGUSR1.
    # os.rename over an existing path is atomic on POSIX (same filesystem), so
    # the process can never read a half-written client1.p12.
    os.rename('new_client1.p12', 'client1.p12')
    ghostunnel.send_signal(signal.SIGUSR1)
    # Waiting for the status port to present 'new_client1' doubles as the
    # synchronisation point: pair2 below only runs once the reload is observable.
    TlsClient(None, 'root1', STATUS_PORT).connect(20, 'new_client1')
    print_ok("reload done")

    # A connection opened after the reload must use the rotated certificate.
    # NOTE(review): only the successful-rotation path is exercised in the
    # visible lines; a rejected reload (e.g. corrupt keystore) is not covered here.
    pair2 = SocketPair(TcpClient(13004), TlsServer('server1', 'root1', 13005))
    pair2.validate_can_send_from_client("toto", "pair2 works")
    pair2.validate_client_cert("new_client1", "pair2: ou=new_client1 -> ...")