# test case: MDomain, misses one ServerAlias def test_md_300_011a(self, env):
env.apache_stop()
conf = MDConf(env, text="""
MDomain not-forbidden.org manual www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org """)
conf.add_vhost(port=env.https_port, domains=[ "not-forbidden.org", "test3.not-forbidden.org", "test4.not-forbidden.org"
])
conf.install() assert env.apache_fail() == 0
env.apache_stop()
env.httpd_error_log.ignore_recent([ "AH10040"# A requested MD certificate will not match ServerName
])
# test case: MDomain, misses one ServerAlias, but auto add enabled def test_md_300_011b(self, env):
env.apache_stop()
MDConf(env, text="""
MDomain not-forbidden.org auto mail.not-forbidden.org
# test case: global server name as managed domain name def test_md_300_014(self, env):
MDConf(env, text=f"""
MDomain www.{env.http_tld} www.example2.org
MDRenewMode manual
# test case: invalid pkey specification
@pytest.mark.parametrize("line,exp_err_msg", [
("MDPrivateKeys", "needs to specify the private key type"),
("MDPrivateKeys Default RSA 1024", "'Default' allows no other parameter"),
("MDPrivateKeys RSA 1024", "must be 2048 or higher"),
("MDPrivateKeys RSA 1024", "must be 2048 or higher"),
("MDPrivateKeys rsa 2048 rsa 4096", "two keys of type 'RSA' are not possible"),
("MDPrivateKeys p-256 secp384r1 P-256", "two keys of type 'P-256' are not possible"),
]) def test_md_300_016(self, env, line, exp_err_msg):
MDConf(env, text=line).install() assert env.apache_fail() == 0 assert exp_err_msg in env.apachectl_stderr
# test case: invalid renew window directive
@pytest.mark.parametrize("line,exp_err_msg", [
("MDRenewWindow dec-31", "has unrecognized format"),
("MDRenewWindow 1y", "has unrecognized format"),
("MDRenewWindow 10 d", "takes one argument"),
("MDRenewWindow 102%", "a length of 100% or more is not allowed.")]) def test_md_300_017(self, env, line, exp_err_msg):
MDConf(env, text=line).install() assert env.apache_fail() == 0 assert exp_err_msg in env.apachectl_stderr
# test case: invalid uri for MDProxyPass
@pytest.mark.parametrize("line,exp_err_msg", [
("MDHttpProxy", "takes one argument"),
("MDHttpProxy localhost:8080", "scheme must be http or https"),
("MDHttpProxy https://127.0.0.1:-443", "invalid port"),
("MDHttpProxy HTTP localhost 8080", "takes one argument")]) def test_md_300_018(self, env, line, exp_err_msg):
MDConf(env, text=line).install() assert env.apache_fail() == 0, "Server accepted test config {}".format(line) assert exp_err_msg in env.apachectl_stderr
# test case: invalid parameter for MDRequireHttps
@pytest.mark.parametrize("line,exp_err_msg", [
("MDRequireHTTPS yes", "supported parameter values are 'temporary' and 'permanent'"),
("MDRequireHTTPS", "takes one argument")]) def test_md_300_019(self, env, line, exp_err_msg):
MDConf(env, text=line).install() assert env.apache_fail() == 0, "Server accepted test config {}".format(line) assert exp_err_msg in env.apachectl_stderr
# test case: invalid parameter for MDMustStaple
@pytest.mark.parametrize("line,exp_err_msg", [
("MDMustStaple", "takes one argument"),
("MDMustStaple yes", "supported parameter values are 'on' and 'off'"),
("MDMustStaple true", "supported parameter values are 'on' and 'off'")]) def test_md_300_020(self, env, line, exp_err_msg):
MDConf(env, text=line).install() assert env.apache_fail() == 0, "Server accepted test config {}".format(line) assert exp_err_msg in env.apachectl_stderr
# test case: alt-names incomplete detection, github isse #68 def test_md_300_021(self, env):
env.apache_stop()
conf = MDConf(env, text="""
MDMembers manual
MDomain secret.com """)
conf.add_vhost(port=12344, domains=[ "not.secret.com", "secret.com"
])
conf.install() assert env.apache_fail() == 0 # this is unreliable on debian #assert env.httpd_error_log.scan_recent( # re.compile(r'.*Virtual Host not.secret.com:0 matches Managed Domain \'secret.com\', ' # 'but the name/alias not.secret.com itself is not managed. A requested ' # 'MD certificate will not match ServerName.*'), timeout=10 #)
# test case: use MDRequireHttps in an <if> construct, but not in <Directory def test_md_300_022(self, env):
MDConf(env, text="""
MDomain secret.com
<If"1 == 1">
MDRequireHttps temporary
</If>
<VirtualHost *:12344>
ServerName secret.com
</VirtualHost> """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' #
env.httpd_error_log.ignore_recent(
lognos = [ "AH10105"# MD secret.com does not match any VirtualHost with 'SSLEngine on'
]
)
# test case: use MDRequireHttps not in <Directory def test_md_300_023(self, env):
conf = MDConf(env, text="""
MDomain secret.com
<Directory /tmp>
MDRequireHttps temporary
</Directory> """)
conf.add_vhost(port=12344, domains=["secret.com"])
conf.install() assert env.apache_fail() == 0
# test case: invalid parameter for MDCertificateAuthority
@pytest.mark.parametrize("ca,exp_err_msg", [
("", "takes one argument"),
("yes", "The CA name 'yes' is not known "),
]) def test_md_300_024(self, env, ca, exp_err_msg):
conf = MDConf(env, text=f"""
MDCertificateAuthority {ca}
MDRenewMode manual # lets not contact these in testing """)
conf.install() assert env.apache_fail() == 0 assert exp_err_msg in env.apachectl_stderr
# test case: configure more than 1 CA
@pytest.mark.parametrize("cas, should_work", [
(["https://acme-v02.api.letsencrypt.org/directory"], True),
(["https://acme-v02.api.letsencrypt.org/directory", "buypass"], True),
(["x", "buypass"], False),
(["letsencrypt", "abc"], False),
(["letsencrypt", "buypass"], True),
]) def test_md_300_027(self, env, cas, should_work):
domain = f"test1.{env.http_tld}"
conf = MDConf(env, text=f"""
MDCertificateAuthority {' '.join(cas)}
MDRenewMode manual """)
conf.add_md([domain])
conf.install()
rv = env.apache_restart() if should_work: assert rv == 0, "Server did not accepted CAs '{}'".format(cas)
md = env.get_md_status(domain) assert len(md['ca']['urls']) == len(cas) else: assert rv != 0, "Server should not have accepted CAs '{}'".format(cas)
# messy ServerAliases, see #301 def test_md_300_028(self, env): assert env.apache_stop() == 0
conf = MDConf(env)
domaina = f"t300-028a.{env.http_tld}"
domainb = f"t300-028b.{env.http_tld}"
dalias = f"t300-028alias.{env.http_tld}"
conf.add_vhost(port=env.http_port, domains=[domaina, domainb, dalias], with_ssl=False)
conf.add(f"""
MDMembers manual
MDomain {domaina}
MDomain {domainb} {dalias} """)
conf.add(f"""
<VirtualHost 10.0.0.1:{env.https_port}>
ServerName {domaina}
ServerAlias {dalias}
SSLEngine on
</VirtualHost>
<VirtualHost 10.0.0.1:{env.https_port}>
ServerName {domainb}
ServerAlias {dalias}
SSLEngine on
</VirtualHost> """)
conf.install() # This does not work as we have both MDs match domain's vhost assert env.apache_fail() == 0
env.httpd_error_log.ignore_recent(
lognos=[ "AH10238", # 2 MDs match the same vhost
]
) # It works, if we only match on ServerNames
conf.add("MDMatchNames servernames")
conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}'
env.httpd_error_log.ignore_recent(
lognos=[ "AH10040", # ServerAlias not covered
]
)
# wildcard and specfic MD overlaps def test_md_300_029(self, env): assert env.apache_stop() == 0
conf = MDConf(env)
domain = f"t300-029.{env.http_tld}"
subdomain = f"sub.{domain}"
conf.add_vhost(port=env.http_port, domains=[domain, subdomain], with_ssl=False)
conf.add(f"""
MDMembers manual
MDomain {domain} *.{domain}
MDomain {subdomain} """)
conf.add(f"""
<VirtualHost 10.0.0.1:{env.https_port}>
ServerName {domain}
SSLEngine on
</VirtualHost>
<VirtualHost 10.0.0.1:{env.https_port}>
ServerName another.{domain}
SSLEngine on
</VirtualHost>
<VirtualHost 10.0.0.1:{env.https_port}>
ServerName {subdomain}
SSLEngine on
</VirtualHost> """)
conf.install() # This does not work as we have overlapping names in MDs assert env.apache_fail() == 0
env.httpd_error_log.ignore_recent(
lognos = [ "AH10038"# 2 MDs overlap
]
) # It works, if we only match on ServerNames
conf.add("MDMatchNames servernames")
conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}'
time.sleep(2) assert env.apache_stop() == 0 # we need dns-01 challenge for the wildcard, which is not configured
env.httpd_error_log.ignore_recent(matches=[
r'.*None of offered challenge types.*are supported.*'
])
# test case: corrupted md/httpd.json, see #369 def test_md_300_030(self, env):
domain = self.test_domain
domains = [domain]
conf = MDConf(env, admin="admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' with open(os.path.join(env.store_dir, 'httpd.json'), 'w') as fd:
fd.write('garbage\n') # self-repairing now assert env.apache_restart() == 0, f'{env.apachectl_stderr}'
env.httpd_error_log.ignore_recent(matches=[
r'.*failed to load JSON file.*'
])
# test case: corrupted md/md_store.json, related to #369 def test_md_300_031(self, env):
env.purge_store()
domain = self.test_domain
domains = [domain]
conf = MDConf(env, admin="admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' with open(os.path.join(env.store_dir, 'md_store.json'), 'w') as fd:
fd.write('garbage\n') # not self-repairing, failing to start
r = env.apache_restart()
env.purge_store() assert r != 0, f'{env.apachectl_stderr}'
env.httpd_error_log.ignore_recent(matches=[
r'.*failed to load JSON file.*',
r'.*init fs store at .*',
f'.* The central store file .* seems to exist, but its content are not readable.*',
], lognos=[ "AH10046"# setup store
])
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
