e02b6b449c
urllib3 was recently bumped to 2.x[1] in global upper constraints. Adopt the unit tests to fix a few new errors. The key points are - It now strictly requires byte response - It ignores CN to verify SSL certificates and we should add SAN Also leave the script to generate test certificates and keys so that we can adjust these in the future more easily. [1] https://review.opendev.org/c/openstack/requirements/+/972462 Change-Id: I4ed7182ad38593554b0ac7cbdb63af85d984371d Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
57 lines
2.1 KiB
Bash
Executable File
57 lines
2.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# The script to generate the key file sand certificates files used in unit
|
|
# tests. These files are saved in glanceclient/tests/unit/var .
|
|
#
|
|
pushd $(dirname -- "$0")/../glanceclient/tests/unit/var
|
|
|
|
# Remove existing files
|
|
rm *.key *.csr *.crt *.srl
|
|
|
|
openssl genrsa -out ca.key 4096
|
|
|
|
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt \
|
|
-subj "/C=AU/ST=State CA/L=CA/O=OpenStack CA Org/OU=OpenStack Test CA/CN=Openstack Test Certificate Authority/emailAddress=admin@ca.example.com/" \
|
|
-addext "keyUsage=critical,digitalSignature,keyCertSign"
|
|
|
|
openssl genrsa -out privatekey.key 4096
|
|
|
|
openssl req -new -key privatekey.key -out server.csr \
|
|
-subj "/C=AU/ST=State CA/L=State1/O=OpenStack Test Org/OU=OpenStack Test Unit/CN=test.example.com/" \
|
|
-addext "subjectAltName=IP:127.0.0.1"
|
|
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
|
|
-out certificate.crt -days 3650 -sha256 -copy_extensions copyall
|
|
|
|
openssl req -new -key privatekey.key -out expired-cert.csr \
|
|
-subj "/C=AU/ST=State CA/L=State1/O=OpenStack Test Org/OU=OpenStack Test Unit/CN=test.example.com/" \
|
|
-addext "subjectAltName=IP:127.0.0.1"
|
|
openssl x509 -req -in expired-cert.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
|
|
-out expired-cert.crt -days 0 -sha256 -copy_extensions copyall
|
|
|
|
touch badcert.crt
|
|
|
|
for f in badcert.crt ca.crt certificate.crt expired-cert.crt privatekey.key; do
|
|
if [ -f $f ]; then
|
|
sed -i '1i # DO NOT EDIT. This file is generated by tools/generate_test_certs.sh' $f
|
|
fi
|
|
done
|
|
|
|
# Remove unused files
|
|
rm *.csr
|
|
rm ca.key
|
|
rm ca.srl
|
|
|
|
popd
|