Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: Enable client certificate verification in the TLS tests #8211

Merged
merged 2 commits into from
Dec 13, 2023
Merged

tests: Enable client certificate verification in the TLS tests #8211

merged 2 commits into from
Dec 13, 2023

Conversation

Smjert
Copy link
Member

@Smjert Smjert commented Dec 6, 2023
edited

  • Add an option in the python test server to enable client certificate
    verification, since it was assumed to be on by some tests,
    but it wasn't.

  • Enable osquery_remote_transports_remotetransportstlstests-test
    on Windows, since it was incorrectly skipped.

  • Format test_http_server.py using black.

  • Use the non deprecated flag in the server
    to select the protocol versions

  • Regenerate test certificates to support strict checks with TLS 1.3 and OpenSSL 3.x

@Smjert
tests: Enable client certificate verification in the TLS tests
fb2504d 
- Add an option in the python test server to enable client certificate
  verification, since it was assumed to be on by some tests,
  but it wasn't.

- Enable osquery_remote_transports_remotetransportstlstests-test
  on Windows, since it was incorrectly skipped.

- Format test_http_server.py using black.
@Smjert Smjert marked this pull request as ready for review December 6, 2023 20:11
@Smjert Smjert requested review from a team as code owners December 6, 2023 20:11
directionless
directionless previously approved these changes Dec 6, 2023
View reviewed changes
@Smjert
Copy link
Member Author

Smjert commented Dec 6, 2023

I think there's some differences in python 3.12 here on the CI. I was testing locally via Windows and it was working, but I do have python 3.10.

@Smjert
Fix certificates for TLS 1.3 and OpenSSL 3.x
8ff36df 
Since TLS 1.3 and newer OpenSSL versions the strict
check requires for certificates to have a key usage.
Our test certificates did not - regenerate them.

Also use the non deprecated flag in the server
to select the protocol versions.
@Smjert Smjert merged commit f50be81 into osquery:master Dec 13, 2023
16 checks passed
@Smjert Smjert deleted the stefano/tests/mtls-tests branch December 13, 2023 18:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless approved these changes

Assignees
No one assigned
Labels
remote test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Smjert @directionless