1d448d40ca
Summary: This diff implements OpenSSL support in the network stack. Currently SSL support is only enabled for Bolt connections, support for RPC connections will be added in another diff. Reviewers: buda, teon.banek Reviewed By: buda Subscribers: pullbot Differential Revision: https://phabricator.memgraph.io/D1328
79 lines
1.9 KiB
Bash
Executable File
79 lines
1.9 KiB
Bash
Executable File
#!/bin/bash -e
|
|
|
|
pushd () { command pushd "$@" > /dev/null; }
|
|
popd () { command popd "$@" > /dev/null; }
|
|
die () { printf "\033[1;31m~~ Test failed! ~~\033[0m\n\n"; exit 1; }
|
|
|
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
cd "$DIR"
|
|
|
|
tmpdir=/tmp/memgraph_integration_ssl
|
|
|
|
if [ -d $tmpdir ]; then
|
|
rm -rf $tmpdir
|
|
fi
|
|
mkdir -p $tmpdir
|
|
cd $tmpdir
|
|
|
|
easyrsa="EasyRSA-3.0.4"
|
|
wget -nv http://deps.memgraph.io/$easyrsa.tgz
|
|
|
|
tar -xf $easyrsa.tgz
|
|
mv $easyrsa ca1
|
|
cp -r ca1 ca2
|
|
|
|
for i in ca1 ca2; do
|
|
pushd $i
|
|
./easyrsa --batch init-pki
|
|
./easyrsa --batch build-ca nopass
|
|
./easyrsa --batch build-server-full server nopass
|
|
./easyrsa --batch build-client-full client nopass
|
|
popd
|
|
done
|
|
|
|
binary_dir="$DIR/../../../build"
|
|
if [ ! -d $binary_dir ]; then
|
|
binary_dir="$DIR/../../../build_debug"
|
|
fi
|
|
|
|
set +e
|
|
|
|
echo
|
|
for i in ca1 ca2; do
|
|
for j in none ca1 ca2; do
|
|
for k in false true; do
|
|
printf "\033[1;36m~~ Server CA: $i; Client CA: $j; Verify peer: $k ~~\033[0m\n"
|
|
|
|
if [ "$j" == "none" ]; then
|
|
client_key=""
|
|
client_cert=""
|
|
else
|
|
client_key=$j/pki/private/client.key
|
|
client_cert=$j/pki/issued/client.crt
|
|
fi
|
|
|
|
$binary_dir/tests/integration/ssl/tester \
|
|
--server-key-file=$i/pki/private/server.key \
|
|
--server-cert-file=$i/pki/issued/server.crt \
|
|
--server-ca-file=$i/pki/ca.crt \
|
|
--server-verify-peer=$k \
|
|
--client-key-file=$client_key \
|
|
--client-cert-file=$client_cert
|
|
|
|
exitcode=$?
|
|
|
|
if [ "$i" == "$j" ]; then
|
|
[ $exitcode -eq 0 ] || die
|
|
else
|
|
if $k; then
|
|
[ $exitcode -ne 0 ] || die
|
|
else
|
|
[ $exitcode -eq 0 ] || die
|
|
fi
|
|
fi
|
|
|
|
printf "\033[1;32m~~ Test ok! ~~\033[0m\n\n"
|
|
done
|
|
done
|
|
done
|