diff options
author | Ryan Chu <ryan.chu@qt.io> | 2019-01-25 22:48:29 +0100 |
---|---|---|
committer | Liang Qi <liang.qi@qt.io> | 2019-01-28 14:03:34 +0000 |
commit | 71cd5a6f3643a5369b883d0e36478693de6db024 (patch) | |
tree | ec3be7c85ddb8736ca23b9249047b2b6f518787a | |
parent | d8d60696da8bbb168ac4554b51c96ea244e407b8 (diff) | |
download | qtbase-71cd5a6f3643a5369b883d0e36478693de6db024.tar.gz |
Select single-name SSL certificate for test servers using host network
On Windows and macOS, the containers are deployed into a virtual
machine using the host network. All the containers share the same
hostname (qt-test-server), and they are connected to the same network
domain (local).
When running test in such platforms, use the single-name SSL certificate
(qt-test-server.local) for SSL related tests.
Change-Id: Idf33e01e8dd8814510d848b87b59b5fc0edc903e
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
7 files changed, 56 insertions, 6 deletions
diff --git a/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem new file mode 100644 index 0000000000..5bdce3a3f9 --- /dev/null +++ b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1 +NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD +b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL +BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD +ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6 +2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR +9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG +9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2 +FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU +G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg== +-----END CERTIFICATE----- diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index 61f0f70ea7..0d6828797a 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -550,8 +550,15 @@ static void setupSslServer(QSslSocket* serverSocket) } #ifdef QT_TEST_SERVER +#ifdef QT_TEST_SERVER_NAME +// In this case, each server is assigned a unique hostname. Use the wildcard SSL +// certificate (*.test-net.qt.local). const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-net-cacert.pem"; #else +// Otherwise, select the single-name SSL certificate (qt-test-server.local) instead. +const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-host-network-cacert.pem"; +#endif // QT_TEST_SERVER_NAME +#else const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-cacert.pem"; #endif diff --git a/tests/auto/testserver.pri b/tests/auto/testserver.pri index 0042571115..54c8b51d49 100644 --- a/tests/auto/testserver.pri +++ b/tests/auto/testserver.pri @@ -62,7 +62,19 @@ isEmpty(TESTSERVER_VERSION) { # Make check with server "qt-test-server.qt-test-net" as a fallback } else { # Make check with docker test servers - DNSDOMAIN = test-net.qt.local + equals(QMAKE_HOST.os, Linux) { + # For the platform supporting docker bridge network, each container is + # assigned a unique hostname and connected to the same network domain + # to communicate with the others. + DEFINES += QT_TEST_SERVER_NAME + DNSDOMAIN = test-net.qt.local + } else { + # For the others, the containers are deployed into a virtual machine + # using the host network. All the containers share the same hostname of + # the virtual machine, and they are connected to the same network domain. + # NOTE: In Windows, Apple Bonjour only works within a single local domain. + DNSDOMAIN = local + } equals(QMAKE_HOST.os, Darwin) { # There is no docker bridge on macOS. It is impossible to ping a container. @@ -86,9 +98,6 @@ isEmpty(TESTSERVER_VERSION) { TESTSERVER_COMPOSE_FILE = \ $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose-for-windows.yml - # Bonjour only works within a single broadcast domain. - DNSDOMAIN = local - # The connection configuration for the target machine MACHINE_CONFIG = (docker-machine config qt-test-server) @@ -104,7 +113,6 @@ isEmpty(TESTSERVER_VERSION) { CONFIG += PowerShell } else { TESTSERVER_COMPOSE_FILE = $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose.yml - DEFINES += QT_TEST_SERVER_NAME # The environment variables passed to the docker-compose file TEST_ENV = 'TEST_DOMAIN=$$DNSDOMAIN' diff --git a/tests/testserver/common/ssl.sh b/tests/testserver/common/ssl.sh index 8a4728ad4d..2593a22979 100755 --- a/tests/testserver/common/ssl.sh +++ b/tests/testserver/common/ssl.sh @@ -35,5 +35,6 @@ set -ex # install ssl_certs and test data su $USER -c "mkdir -p -m 700 ~/ssl-certs/private" -su $USER -c "cp $CONFIG/ssl/qt-test-server-cert.pem ~/ssl-certs/" +su $USER -c \ + "cp $CONFIG/ssl/${test_cert:-qt-test-server-cert.pem} ~/ssl-certs/qt-test-server-cert.pem" su $USER -c "cp $CONFIG/ssl/private/qt-test-server-key.pem ~/ssl-certs/private/" diff --git a/tests/testserver/common/testdata/ssl/qt-test-server-host-network-cacert.pem b/tests/testserver/common/testdata/ssl/qt-test-server-host-network-cacert.pem new file mode 100644 index 0000000000..5bdce3a3f9 --- /dev/null +++ b/tests/testserver/common/testdata/ssl/qt-test-server-host-network-cacert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1 +NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD +b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL +BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD +ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6 +2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR +9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG +9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2 +FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU +G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg== +-----END CERTIFICATE----- diff --git a/tests/testserver/docker-compose-for-macOS.yml b/tests/testserver/docker-compose-for-macOS.yml index bbd1f71a62..aa610dfb88 100644 --- a/tests/testserver/docker-compose-for-macOS.yml +++ b/tests/testserver/docker-compose-for-macOS.yml @@ -25,6 +25,7 @@ services: - "qt-test-server.${TEST_DOMAIN}:${MACHINE_IP}" environment: - test_domain=${TEST_DOMAIN} + - test_cert="qt-test-server-host-network-cacert.pem" squid: image: qt-test-server-squid:9c32f41b19aca3d778733c4d8fb0ecc5955e893c diff --git a/tests/testserver/docker-compose-for-windows.yml b/tests/testserver/docker-compose-for-windows.yml index bbd1f71a62..aa610dfb88 100644 --- a/tests/testserver/docker-compose-for-windows.yml +++ b/tests/testserver/docker-compose-for-windows.yml @@ -25,6 +25,7 @@ services: - "qt-test-server.${TEST_DOMAIN}:${MACHINE_IP}" environment: - test_domain=${TEST_DOMAIN} + - test_cert="qt-test-server-host-network-cacert.pem" squid: image: qt-test-server-squid:9c32f41b19aca3d778733c4d8fb0ecc5955e893c |