fix: native tls tests (#220)

digikata · web-flow · commit 030c3ff1533f · 2023-11-29T17:58:47.000Z
* Sync cargo lock w/ toml config

* fix: cert generation, macos openssl3 requires -legacy option

* chore: adjust ci for openssl version support
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -61,9 +61,14 @@ jobs:
         if: ${{ matrix.check == 'fmt' }}
         run: make check-fmt
       - name: Test
-        if: ${{ matrix.check == 'test' }}
+        if: ${{ matrix.check == 'test' && matrix.os != 'macos-latest' }}
         timeout-minutes: 15
         run: make test-all
+      - name: Test (macos)
+        if: ${{ matrix.check == 'test' && matrix.os == 'macos-latest'}}
+        timeout-minutes: 15
+        # macos-latest is by default on openssl 1.x
+        run: make PFX_OPTS="" test-all
       - name: cargo audit
         if: ${{ matrix.check == 'audit' }}
         timeout-minutes: 15
diff --git a/Makefile b/Makefile
@@ -1,11 +1,12 @@
 RUST_DOCKER_IMAGE=rust:latest
+PFX_OPTS ?= "-legacy"
 
 build-all:
 	cargo build --all-features
 
 .PHONY: certs
 certs:
-	make -C certs generate-certs
+	make -C certs generate-certs PFX_OPTS=${PFX_OPTS}
 
 test-all:	certs test-derive
 	cargo test --all-features
diff --git a/async-test-derive/Cargo.lock b/async-test-derive/Cargo.lock
diff --git a/certs/Makefile b/certs/Makefile
@@ -1,9 +1,13 @@
+# -legacy is an openssl3 option for pkcs12 formats whose default
+# has shifted
+PFX_OPTS ?= "-legacy"
+
 clean:
 	rm -rf test-certs
 
 setup:
 	mkdir -p test-certs
-
+	openssl version
 
 generate-certs:	setup generate-ca-crt generate-intermediate-ca-crt generate-server-crt generate-intermediate-chain generate-client-crt generate-pk12-certs
 
@@ -12,7 +16,7 @@ generate-pk12-certs:	generate-server-pk12 generate-client-pk12
 
 ### CA Generation
 
-generate-ca-key:	
+generate-ca-key:
 	openssl genrsa  -out test-certs/ca.key 4096
 
 generate-ca-crt:	generate-ca-key
@@ -21,7 +25,7 @@ generate-ca-crt:	generate-ca-key
 
 ### Intermediate CA Generation
 
-generate-intermediate-ca-key:	
+generate-intermediate-ca-key:
 	openssl genrsa  -out test-certs/intermediate-ca.key 4096
 
 generate-intermediate-ca-csr: generate-intermediate-ca-key
@@ -56,19 +60,19 @@ generate-server-csr:	generate-server-key
 
 ### Intermediate Chain Server
 
-generate-intermediate-server-key:	
+generate-intermediate-server-key:
 	openssl genrsa -out test-certs/intermediate-server.key 4096
 
 
 generate-intermediate-server-csr:	generate-intermediate-server-key
 	openssl req -new -key test-certs/intermediate-server.key \
 		-out test-certs/intermediate-server.csr \
-		-config  cert.conf 
+		-config  cert.conf
 
 # generate anonymous pk12
 .PHONY: generate-server-pk12
-generate-server-pk12:	
-	openssl pkcs12 -export -out test-certs/server.pfx -inkey test-certs/server.key -in test-certs/server.crt -certfile  test-certs/ca.crt -passout pass:test
+generate-server-pk12:
+	openssl pkcs12 -export -out test-certs/server.pfx ${PFX_OPTS} -inkey test-certs/server.key -in test-certs/server.crt -certfile  test-certs/ca.crt -passout pass:test
 
 
 
@@ -131,7 +135,7 @@ generate-client-crt:	generate-client-csr
 		-extfile openssl.cnf
 
 generate-client-pk12:
-	openssl pkcs12 -export -out test-certs/client.pfx -inkey test-certs/client.key -in test-certs/client.crt -certfile  test-certs/ca.crt -passout pass:test
+	openssl pkcs12 -export -out test-certs/client.pfx ${PFX_OPTS} -inkey test-certs/client.key -in test-certs/client.crt -certfile  test-certs/ca.crt -passout pass:test
 
 
 # for non mac
@@ -151,7 +155,7 @@ start-nginx:
 	nginx -c $(MAKE_DIR)/nginx.conf
 
 start-intermediate-nginx:
-	nginx -c $(MAKE_DIR)/intermediate-nginx.conf 
+	nginx -c $(MAKE_DIR)/intermediate-nginx.conf
 
 stop-nginx:
 	nginx -s quit
