diff options
| author | Brad Warren <bmw@users.noreply.github.com> | 2017-01-26 05:40:22 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-01-26 05:40:22 +0300 |
| commit | 4d860b37b0cb106d8a1b85dad18db2bc9cd4fd89 (patch) | |
| tree | 37b07f5f570a3637baf6a715af93b665deaa525b /tests/boulder-integration.sh | |
| parent | 2f50dfd7bec1d8b735b7916d3fd722e466e91351 (diff) | |
Preserve preferred-challenges on renewal (#4112)
* use challenge type strings, not objectS
* Factor out parse_preferred_challenges
* restore pref_challs
* save pref_challs
* Make CheckCertCount more flexible
* improve integration tests
* Make pref_challs more flexible
Diffstat (limited to 'tests/boulder-integration.sh')
| -rwxr-xr-x | tests/boulder-integration.sh | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh index 9c6bc7708..930cf1c0e 100755 --- a/tests/boulder-integration.sh +++ b/tests/boulder-integration.sh @@ -96,7 +96,7 @@ common certonly -a manual -d le.wtf --rsa-key-size 4096 \ --pre-hook 'echo wtf2.pre >> "$HOOK_TEST"' \ --post-hook 'echo wtf2.post >> "$HOOK_TEST"' -common certonly -a manual -d dns.le.wtf --preferred-challenges dns-01 \ +common certonly -a manual -d dns.le.wtf --preferred-challenges dns,tls-sni \ --manual-auth-hook ./tests/manual-dns-auth.sh export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \ @@ -113,29 +113,30 @@ common --domains le3.wtf install \ --key-path "${root}/csr/key.pem" CheckCertCount() { - CERTCOUNT=`ls "${root}/conf/archive/le.wtf/cert"* | wc -l` - if [ "$CERTCOUNT" -ne "$1" ] ; then - echo Wrong cert count, not "$1" `ls "${root}/conf/archive/le.wtf/"*` + CERTCOUNT=`ls "${root}/conf/archive/$1/cert"* | wc -l` + if [ "$CERTCOUNT" -ne "$2" ] ; then + echo Wrong cert count, not "$2" `ls "${root}/conf/archive/$1/"*` exit 1 fi } -CheckCertCount 1 +CheckCertCount "le.wtf" 1 # This won't renew (because it's not time yet) common_no_force_renew renew -CheckCertCount 1 +CheckCertCount "le.wtf" 1 -# --renew-by-default is used, so renewal should occur -[ -f "$HOOK_TEST" ] && rm -f "$HOOK_TEST" -common renew -CheckCertCount 2 -CheckHooks +# renew using HTTP manual auth hooks +common renew --cert-name le.wtf --authenticator manual +CheckCertCount "le.wtf" 2 +# renew using DNS manual auth hooks +common renew --cert-name dns.le.wtf --authenticator manual +CheckCertCount "dns.le.wtf" 2 # This will renew because the expiry is less than 10 years from now sed -i "4arenew_before_expiry = 4 years" "$root/conf/renewal/le.wtf.conf" common_no_force_renew renew --rsa-key-size 2048 -CheckCertCount 3 +CheckCertCount "le.wtf" 3 # The 4096 bit setting should persist to the first renewal, but be overriden in the second @@ -149,6 +150,12 @@ if [ "$size1" -lt 3000 ] || [ "$size2" -lt 3000 ] || [ "$size3" -gt 1800 ] ; the exit 1 fi +# --renew-by-default is used, so renewal should occur +[ -f "$HOOK_TEST" ] && rm -f "$HOOK_TEST" +common renew +CheckCertCount "le.wtf" 4 +CheckHooks + # ECDSA openssl ecparam -genkey -name secp384r1 -out "${root}/privkey-p384.pem" SAN="DNS:ecdsa.le.wtf" openssl req -new -sha256 \ |