From 7a30c10587997cf104197106475b611c7091ae93 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Mon, 25 Aug 2025 16:41:50 +0200
Subject: [PATCH] REGTESTS: jwt: create dynamically "cert.ecdsa.pem"

Stop declaring "cert.ecdsa.pem" in a crt-store, and add it dynamically over the stats socket insted. This way we fully verify a JWS signature with a certificate which never existed at HAProxy startup.
---
 reg-tests/jwt/jws_verify.vtc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc
index ca367e3be..3e7b349e6 100644
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@@ -49,10 +49,6 @@ haproxy h1 -conf {
 use_backend auth_bearer_be if { path /auth_bearer }
 default_backend dflt_be
- # Unnamed crt-store
- crt-store
- load crt "${testdir}/cert.ecdsa.pem"
-
 crt-store named_store
 load crt "${testdir}/cert.rsa.pem"
@@ -268,6 +264,11 @@ client c8 -connect ${h1_mainfe_sock} {
 } -run
+shell {
+ echo "new ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" -
+ printf "set ssl cert ${testdir}/cert.ecdsa.pem <<\n$(cat ${testdir}/cert.ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
+ echo "commit ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" -
+}
 client c9 -connect ${h1_mainfe_sock} {
 # Token content : {"alg":"ES256","typ":"JWT"}
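Review bot: The three `socat` calls in the added `shell` block discard the CLI's reply, so a rejected `set ssl cert` or `commit ssl cert` would go unnoticed at this step and presumably surface only as a verification mismatch in a later client (this assumes socat still exits 0 when the CLI answers with an error message). Checking the result right after the commit would pin the failure where it happens, for example a `haproxy h1 -cli` block that sends `show ssl cert ${testdir}/cert.ecdsa.pem` and expects the certificate to be listed. The `printf` line also puts the PEM content inside the format string and leaves `${testdir}` unquoted inside `$(cat …)`; `printf 'set ssl cert %s <<\n%s\n\n' "${testdir}/cert.ecdsa.pem" "$(cat "${testdir}/cert.ecdsa.pem")"` keeps file content out of the format and tolerates a path containing spaces.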