search

TinCanTech / easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
GNU General Public License v2.0
87 stars 19 forks source link

Do not build Easy-RSA PKI for unit-tests #279

Closed TinCanTech closed 2 years ago

TinCanTech commented 2 years ago

Instead, create the appropriate PKI(s) in dev and add them to the repository.

TinCanTech commented 2 years ago

This is the reason for the expected_error miscount:

------------------------------------------------------------
 ./easytls-cryptv2-verify.sh -v -s=/home/tct/git/tct/easy-tls/master-new/0 0/unit-test-tmp/easytls-cryptv2-verify.vars -c=/home/tct/git/tct/easy-tls/master-new/0 0/et-tdir1 -g=tincantech --via-ca
* easytls-metadata.lib v2.8 loaded
Using configuration from /home/tct/git/tct/easy-tls/master-new/0 0/et-tdir1/safessl-easyrsa.cnf
140514899789120:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/home/tct/git/tct/easy-tls/master-new/et-tdir1/index.txt','r')
140514899789120:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:

Easy-TLS version: 2.8.0

<ERROR> * Easy-TLS-cryptv2-verify => (ca) => vars loaded => V2-lock-acquired => CN: c05 => easytls OK => custom_group tincantech OK => tlskey-hash verified OK => Key age 0 days OK => Enabled OK => identity OK

ERROR: Serial status via CA has broken
** subtot_expected_errors 18
 ./easytls-client-connect.sh -v -m -s=/home/tct/git/tct/easy-tls/master-new/0 0/unit-test-tmp/easytls-client-connect.vars
* easytls-metadata.lib v2.8 loaded
* easytls-tctip.lib v2.8 loaded
 <EXOK> * EasyTLS-client-connect => vars loaded => CN: c05 => tls key serial: 067c0e5cc218650478165938cef2514cc0612e7672a0a78fa31028764dbf39de => IGNORE incorrect UV_TLSKEY_SERIAL => hwaddr not pushed => IGNORE hwaddr not required => connection allowed => IGNORE hwaddr mismatch! => temp-files deleted

 ./easytls-client-disconnect.sh -v -s=/home/tct/git/tct/easy-tls/master-new/0 0/unit-test-tmp/easytls-client-disconnect.vars
 <EXOK> * EasyTLS-client-disconnect => vars loaded => CN: c05 => tls key serial: 067c0e5cc218650478165938cef2514cc0612e7672a0a78fa31028764dbf39de => stack-lock-acquired => stack-lock-released => disconnect completed => temp-files deleted

* vars rebuilt
------------------------------------------------------------

safessl-easyrsa.cnf points to files on my home computer .. because mktemp ..

TinCanTech commented 2 years ago

That was fun ... and also enlightening.