diff options
| author | Matt Mastracci <matthew@mastracci.com> | 2024-02-10 13:22:13 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-10 20:22:13 +0000 |
| commit | f5e46c9bf2f50d66a953fa133161fc829cecff06 (patch) | |
| tree | 8faf2f5831c1c7b11d842cd9908d141082c869a5 /tests/testdata/tls/README.md | |
| parent | d2477f780630a812bfd65e3987b70c0d309385bb (diff) | |
chore: move cli/tests/ -> tests/ (#22369)
This looks like a massive PR, but it's only a move from cli/tests ->
tests, and updates of relative paths for files.
This is the first step towards aggregate all of the integration test
files under tests/, which will lead to a set of integration tests that
can run without the CLI binary being built.
While we could leave these tests under `cli`, it would require us to
keep a more complex directory structure for the various test runners. In
addition, we have a lot of complexity to ignore various test files in
the `cli` project itself (cargo publish exclusion rules, autotests =
false, etc).
And finally, the `tests/` folder will eventually house the `test_ffi`,
`test_napi` and other testing code, reducing the size of the root repo
directory.
For easier review, the extremely large and noisy "move" is in the first
commit (with no changes -- just a move), while the remainder of the
changes to actual files is in the second commit.
Diffstat (limited to 'tests/testdata/tls/README.md')
| -rw-r--r-- | tests/testdata/tls/README.md | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/testdata/tls/README.md b/tests/testdata/tls/README.md new file mode 100644 index 000000000..19bbaec35 --- /dev/null +++ b/tests/testdata/tls/README.md @@ -0,0 +1,47 @@ +The certificates in this dir expire on Sept, 27th, 2118 + +Certificates generated using original instructions from this gist: +https://gist.github.com/cecilemuller/9492b848eb8fe46d462abeb26656c4f8 + +## Certificate authority (CA) + +Generate RootCA.pem, RootCA.key, RootCA.crt: + +```shell +openssl req -x509 -nodes -new -sha256 -days 36135 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA" +openssl x509 -outform pem -in RootCA.pem -out RootCA.crt +``` + +Note that Example-Root-CA is an example, you can customize the name. + +## Domain name certificate + +First, create a file domains.txt that lists all your local domains (here we only +list localhost): + +```shell +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names +[alt_names] +DNS.1 = localhost +``` + +Generate localhost.key, localhost.csr, and localhost.crt: + +```shell +openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local" +openssl x509 -req -sha256 -days 36135 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.txt -out localhost.crt +``` + +Note that the country / state / city / name in the first command can be +customized. + +For testing purposes we need following files: + +- `RootCA.crt` +- `RootCA.key` +- `RootCA.pem` +- `localhost.crt` +- `localhost.key` |