Skip to content

Commit a5da745

Browse files
authored
Switch to trustme for test certificates (elastic#2679)
1 parent 066465e commit a5da745

File tree

5 files changed

+53
-83
lines changed

5 files changed

+53
-83
lines changed

Diff for: .buildkite/certs/README.md

+26
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
# CI certificates
2+
3+
This directory contains certificates that can be used to test against Elasticsearch in CI
4+
5+
## Generating new certificates using the Certificate Authority cert and key
6+
7+
Before adding support for Python 3.13, we generated certificates with
8+
[`elasticsearch-certutil`](https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html).
9+
However, those certificates are not compliant with RFC 5280, and Python now
10+
enforces compliance by enabling the VERIFY_X509_STRICT flag by default.
11+
12+
If you need to generate new certificates, you can do so with
13+
[trustme](https://trustme.readthedocs.io/en/latest/) as follows:
14+
15+
```
16+
```bash
17+
pip install trustme
18+
python -m trustme --identities instance
19+
# Use the filenames expected by our tests
20+
mv client.pem ca.crt
21+
mv server.pem testnode.crt
22+
mv server.key testnode.key
23+
```
24+
25+
For more control over the generated certificates, trustme also offers a Python
26+
API, but we have not needed it so far.

Diff for: .buildkite/certs/ca.crt

100755100644
+10-18
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,12 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDSTCCAjGgAwIBAgIUHTeTPPuZIX3wdyudMsllXa9yZ1kwDQYJKoZIhvcNAQEL
3-
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
4-
cmF0ZWQgQ0EwHhcNMjMwODIxMTcyNTMyWhcNMjYwODIwMTcyNTMyWjA0MTIwMAYD
5-
VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
6-
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZs7DXbV7ovFvQ/CiqvHHZ/
7-
40rLyAcBQMhVBke2VVCQk3hIOPpHYt3xZgb61Oyrf14lFxny483beXaUqGThZ67Y
8-
RsxzSOS8NUi21OLZ3xaE+p+Yx9Xe6lTMQJM4RpD/A5V35uikji1K4+F0ooJghELq
9-
Fndmark/7SQFh6Bg8/aaf6Hpyar3WOWdQjHXgszNAv1Ez7+pPlfnCS8XNjYB5Y2n
10-
gAayb1krMRW/3E6hRVZAig3I2H8mezL5tF8iS5aJW1WLpw4oYnbH0DdS+gpCK1lT
11-
8GZd8Dk0QbNGpXNTu67BravVhgEoprBVMz6G1C4MiuVcBy7gA671/f46S4Tgb10C
12-
AwEAAaNTMFEwHQYDVR0OBBYEFHVhRrHXbd5QFEgk3RFn4Y4LYo9PMB8GA1UdIwQY
13-
MBaAFHVhRrHXbd5QFEgk3RFn4Y4LYo9PMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
14-
hvcNAQELBQADggEBACoGVPqeYE3IPRdSAtihIq071BfGA8vgfJWv0qiI0T+gYetX
15-
dnebmQc5EccdEIrxD0bLKPgzd5c3ILwQy5+uo03ua7PrplwPVdeNXnU1LodAQ0Zb
16-
GmTixXqgj8AMcvRsA7qARjXvf6w3Yyb7GO3FXRIGtqk12Vb1qnJg894CSIWrHiw0
17-
hRO5b7eJyrOy2s6QA6FucM/scM1Z/8D9tHfgwmrKM875VGerJORwfHCaCvF1YvBj
18-
cIpYNnw2vFzDvRevh63sSQbZ9q3nbtD27AZSN9LKEbipSEOoBZMKG2zgDTT/Olzx
19-
EQJ2t+Z487UuFX6+WaLZMteL2F4eh9OFWIYM3EI=
2+
MIIByTCCAW+gAwIBAgIUIYClYWXiTsB8aMrEEMrzdrk5rOswCgYIKoZIzj0EAwIw
3+
QDEXMBUGA1UECgwOdHJ1c3RtZSB2MS4yLjAxJTAjBgNVBAsMHFRlc3RpbmcgQ0Eg
4+
I2JpdzFXYzEwbHBxQ0ZRTDUwIBcNMDAwMTAxMDAwMDAwWhgPMzAwMDAxMDEwMDAw
5+
MDBaMEAxFzAVBgNVBAoMDnRydXN0bWUgdjEuMi4wMSUwIwYDVQQLDBxUZXN0aW5n
6+
IENBICNiaXcxV2MxMGxwcUNGUUw1MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
7+
SN7++A76LmOR0tKKra1M6VVzGUljjL9fVPxOEIblOOJJhA7mKLQguNzEHjucNV23
8+
LcDzMX/M/oUBGdYZBbAv4qNFMEMwHQYDVR0OBBYEFCrGGcO9v0UAWSsD93P/x2MT
9+
NiJbMBIGA1UdEwEB/wQIMAYBAf8CAQkwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49
10+
BAMCA0gAMEUCIQDGyO21zIAwmARtoc2atVmmqZdPVkegHkCKCFY4P+KeEAIgKMCz
11+
aU8LPCVyA+ZF9K+tcqkNK5h/5s7wlQ5DSeKSuE8=
2012
-----END CERTIFICATE-----

Diff for: .buildkite/certs/ca.pem

-20
This file was deleted.

Diff for: .buildkite/certs/testnode.crt

100755100644
+12-18
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,14 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDODCCAiCgAwIBAgIVAKLWEcNzTd4B0NqnrJL0xAKaS8DWMA0GCSqGSIb3DQEB
3-
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
4-
ZXJhdGVkIENBMB4XDTIzMDgyMTE3MjcwMloXDTI2MDgyMDE3MjcwMlowEzERMA8G
5-
A1UEAxMIaW5zdGFuY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
6-
eLXL3ZX5v8JlHcfg+96Bpq24EeiqV+7RPPKbcH80ODjkETqYUpam+TcOl2gt23p/
7-
rpiPSSpOX8pFdmY78wTmxo2GCQZ/db2h0gZOOYpb8HQku+hJ4bAmtzizrqWW76Wz
8-
csen3DSUkT0bKkJTjUMmwVhRaMpfv8EIcUbrHAwc3VCj7grnFL0kdAuQa6iyBH4I
9-
lTUYOIOVyEJ8zZ7R4BJO3QU+TRuJ5+w/QiZMeDqxtrdDL37vYQHPW7L/XISCCOMp
10-
sA3avzFphoQXBQ8mjdB8Txkd4sH7mJTqnRp5ILhRzVpcPPgQYFeIB567B+kFeSau
11-
aJJmc0EVgOcK5aSMtOH3AgMBAAGjYjBgMB0GA1UdDgQWBBQsZbZDudZ63h52FlU5
12-
N2g3pznkETAfBgNVHSMEGDAWgBR1YUax123eUBRIJN0RZ+GOC2KPTzATBgNVHREE
13-
DDAKgghpbnN0YW5jZTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAyv0Cw
14-
OrvZn7FHHS8TJI5vTi1F43R/eSNMNL/+q/nK93KaxWJH1T4zrJhrJ9KpzkFcalXP
15-
bu02oTh28b3o3QpS2wdwMv/Q3NLoMBEmQlG2UrELFvV43nS8LCiwCX3o11L1HZP3
16-
1Z/rclwxbA4OQ/ZkPcol++TDZQTM/8WkIdZmTL4UDb/ppDjX24nTOitkMRZlYAOY
17-
mid9GGExhKrUJ0I9/A3w1hWRA1Hwc+1TFDcPphl2x2uQ9HJFBueAvuFXmIjDki1x
18-
qrvnFZ+mneI9kR4m82MX900WF15KS35GzmMui0tsf0wbfy3Jh+WnpMlIIa2OQXw7
19-
prbkg9tScQSsvhC8
2+
MIICKzCCAdKgAwIBAgIUZeLIKR7XTP5Gx/moiuzcWcfHaSswCgYIKoZIzj0EAwIw
3+
QDEXMBUGA1UECgwOdHJ1c3RtZSB2MS4yLjAxJTAjBgNVBAsMHFRlc3RpbmcgQ0Eg
4+
I2JpdzFXYzEwbHBxQ0ZRTDUwIBcNMDAwMTAxMDAwMDAwWhgPMzAwMDAxMDEwMDAw
5+
MDBaMEIxFzAVBgNVBAoMDnRydXN0bWUgdjEuMi4wMScwJQYDVQQLDB5UZXN0aW5n
6+
IGNlcnQgIzNPWkpxTWh0WmxrNGlDMm0wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
7+
AASp6UadRZ0ZP3F2KeEkIUOf0B8GOTX55B91RO/PLUQb26wZcWmHGPOJ0HAy9F2E
8+
Y+rJ1zDUnfB5msowei/iuoaMo4GlMIGiMB0GA1UdDgQWBBSP5z3h8b13ul407YOd
9+
kyjKNcf/vTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCrGGcO9v0UAWSsD93P/
10+
x2MTNiJbMBYGA1UdEQEB/wQMMAqCCGluc3RhbmNlMA4GA1UdDwEB/wQEAwIFoDAq
11+
BgNVHSUBAf8EIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUFBwMDMAoGCCqG
12+
SM49BAMCA0cAMEQCIHPP7chQolK+N+GZ+rJ49euoTSzb2YIU5vnCY/bFEWO+AiBC
13+
OTFYhR9Mw/e+WdJVZO78XZYKy5uA28JwsZuu7E0kZA==
2014
-----END CERTIFICATE-----

Diff for: .buildkite/certs/testnode.key

100755100644
+5-27
Original file line numberDiff line numberDiff line change
@@ -1,27 +1,5 @@
1-
-----BEGIN RSA PRIVATE KEY-----
2-
MIIEowIBAAKCAQEAvHi1y92V+b/CZR3H4PvegaatuBHoqlfu0Tzym3B/NDg45BE6
3-
mFKWpvk3DpdoLdt6f66Yj0kqTl/KRXZmO/ME5saNhgkGf3W9odIGTjmKW/B0JLvo
4-
SeGwJrc4s66llu+ls3LHp9w0lJE9GypCU41DJsFYUWjKX7/BCHFG6xwMHN1Qo+4K
5-
5xS9JHQLkGuosgR+CJU1GDiDlchCfM2e0eASTt0FPk0biefsP0ImTHg6sba3Qy9+
6-
72EBz1uy/1yEggjjKbAN2r8xaYaEFwUPJo3QfE8ZHeLB+5iU6p0aeSC4Uc1aXDz4
7-
EGBXiAeeuwfpBXkmrmiSZnNBFYDnCuWkjLTh9wIDAQABAoIBAAU0iEDTI9s78pB8
8-
XBLYofKOuemFhRl/SDc7KbAlUT4N93RFDYs7bLG73Eto3xW1JBL2rXv3l1WGy71T
9-
YctyEMaW4T28bhODGvOnK0lpyWp0n6CMGARCWW0YTlaYEjay866bEuyN5l3cDQX9
10-
Csvn8NzXJitJa51tXFVxW3YO1j7Nyc/M59oyBZ1ARYYmQqFYLEu6lvJOW0cKDFkZ
11-
AcMVlOIxZQL/Mf+RO72aQGVuYNjqxlLIXLuE9zFR2gDFM2+l3FMUWDGHGBDFyjKU
12-
iMk4+sSlOTFXqO9VQzua6FLFMsQT6m5PFD4uPY92KR6CPfH/NrWqwqr+jpjaU+gs
13-
3U9GN+ECgYEA58qX7tKPk7CWdk3kyk5NsNcs/qib+heXWEubfhoU8LmSnbBQhOAz
14-
wi//r/xm0OHGj84y66+G3T347iudrLjhr07oGM1QfjYT3kb90efLjwAfCECtyVYL
15-
EQrWO5UeoTnmrhlB1mGL3sWaVAsVqNLz8i2H5c7sj0hxHsvM62159r8CgYEA0Cff
16-
opJqmUpMpHm3sgjMWctylVrHBuQe5cl5Ad80pbd6mvtt4TvGXbUGNdzURfyve9DS
17-
x1CVlj4Sz8VuelFQgYL+7/qUqZoms1aSgJpxWv8ou+wUHmlF3kVO8VKt3BNHV+8J
18-
euSB6NG91BGguBoHgnOoVcjbDGdhJGRTojCNWskCgYEA1jE3nwDCnrbTA3XNk0ky
19-
r9TXhmgm4r+EIpqTkL7nVOAXZVJ1xaQtECgsveKe3C2WwHLKSVMFbFMFQonZha+/
20-
FbHz9l9cH5U3XPL7QEpTp8xz4LtsHJ4/UbtS5vJQwKnxyjYaydGQYAb4KuunUz/F
21-
H6kFaM6DeZB2v/+SWIfs6Z8CgYARUdAEyeP+vzTjVpFXSe4e5pOxI619wEtl2T6t
22-
TjImO78C2DrLS9r0fxR2NNqgvCapybVQCj94EdAk44uOt+dX71thAluORRpFP8XO
23-
14rpBGQSRtFhumaq2N95quR2dFAyW9xREmRQx+rgk1rpFplbXF48TQsU3CE0Evj2
24-
fM22KQKBgDhob7M9sWvXecxoyy3J17jUTcFqmqKcqGnx3ZJ7Q9CgAfjYqNNQws27
25-
wTuaJB0PEuCOu4t+lUHEBMIjGkBfo1bHd4EZaW04Xgbfn2j8MK2e+9GlRtedxxFg
26-
c1JdRb5+eTgPwLcDsmMWIW357PDW7RDEI07G1ZB4SqxGTKkU7JOW
27-
-----END RSA PRIVATE KEY-----
1+
-----BEGIN EC PRIVATE KEY-----
2+
MHcCAQEEIN+K8+F47YchiH+7gA8KBG8u35PWcOJN+Fszv8TPEEpdoAoGCCqGSM49
3+
AwEHoUQDQgAEqelGnUWdGT9xdinhJCFDn9AfBjk1+eQfdUTvzy1EG9usGXFphxjz
4+
idBwMvRdhGPqydcw1J3weZrKMHov4rqGjA==
5+
-----END EC PRIVATE KEY-----

0 commit comments

Comments
 (0)