REGTESTS: jwt: create dynamically "cert.ecdsa.pem"

Stop declaring "cert.ecdsa.pem" in a crt-store, and add it dynamically
over the stats socket instead.

This way we fully verify a JWS signature with a certificate which never
existed at HAProxy startup.
William Lallemand 2025-08-25 16:41:50 +02:00
parent 886a248be4
commit 7a30c10587


@ -49,10 +49,6 @@ haproxy h1 -conf {
use_backend auth_bearer_be if { path /auth_bearer }
default_backend dflt_be
# Unnamed crt-store
crt-store
load crt "${testdir}/cert.ecdsa.pem"
crt-store named_store
load crt "${testdir}/cert.rsa.pem"
@ -268,6 +264,11 @@ client c8 -connect ${h1_mainfe_sock} {
} -run
shell {
echo "new ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" -
printf "set ssl cert ${testdir}/cert.ecdsa.pem <<\n$(cat ${testdir}/cert.ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
echo "commit ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" -
}
client c9 -connect ${h1_mainfe_sock} {
# Token content : {"alg":"ES256","typ":"JWT"}
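Review bot: None of the three CLI commands in the added `shell` block check HAProxy's reply, and `socat` exits 0 even when the stats socket answers with an error. A failed `new`/`set`/`commit ssl cert` would therefore only surface later, presumably as an unexplained verification mismatch in client c9, whose body continues outside this hunk. Since the point of the test is to verify a JWS against a certificate loaded at runtime, the load itself should be asserted, for example `echo "commit ssl cert ${testdir}/cert.ecdsa.pem" | socat "${tmpdir}/h1/stats" - | grep -q "Success!"` (confirm the exact reply string against the CLI output). The inner `$(cat ${testdir}/cert.ecdsa.pem)` also leaves the path unquoted, unlike the `socat` arguments; `$(cat "${testdir}/cert.ecdsa.pem")` would survive a test directory containing spaces.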