Closed stephdl closed 3 months ago
QA
Test traefik from ghcr.io/nethserver/traefik:2.2.3-dev.2 test that you can use a rsa or dsa or ec key
test case: FAILED
The check added with the PR#89 is not enough.
After the key check, the action script try to calculate the modulus
of certificate and key to verify if they match each other:
# check if cert is provided by key
cert_hash="$(openssl x509 -noout -modulus -in $CERT_FILE | openssl md5)"
key_hash="$(openssl $TYPE_KEY -noout -modulus -in $KEY_FILE | openssl md5)"
if [ "$cert_hash" != "$key_hash" ]; then
echo "Key didn't generate certificate."
del_certs
exit 3
fi
but modulus
is not available for EC keys, so the action fails:
ec: Unknown cipher: modulus
ec: Use -help for summary.
809BA672C07F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (modulus : 0), Properties (<null>)
new version to test @nrauso ghcr.io/nethserver/traefik:2.2.3-dev.2
test case: VERIFIED
Steps to reproduce
Expected behavior
I expect that my certificate that it could be a RSA or a DSA or a EC certs is accepted
Actual behavior
only RSA certs are accepted
Components
traefik 2.2.2
See also
thank @nrauso