Skip to content

Commit

Permalink
test: fix custom certification tests on Windows (#6450)
Browse files Browse the repository at this point in the history 
## What's the problem this PR addresses?

The integration tests using custom certificates have been failing for
quite a while on Windows with the error `RequestError: unsuitable
certificate purpose`.

## How did you fix it?

This error was caused by the test CA certificate used; it was not
configured to be used as a CA when it was generated.

The test script that generates the CA certificate has been updated to
generate it correctly. I used the same configuration options used by the
test suite of the `pem` library that we are using for certificate
generation:
https://github.com/Dexus/pem/blob/3d71b87cec08a565ce5e73e26dd18f53b9e1fdea/test/pem.spec.js#L856

The problem does not seem to be specific to Windows; I was able to
reproduce it locally on macOS as well. I don't yet know why it's passing
on CI for Ubuntu and macOS, but not for Windows. Perhaps some difference
in the images, like the OpenSSL version (they should all be using
OpenSSL v1.1.1, but I've seen reports of Windows having v3 installed as
well).

## Checklist

<!--- Don't worry if you miss something, chores are automatically
tested. -->
<!--- This checklist exists to help you remember doing the chores when
you submit a PR. -->
<!--- Put an `x` in all the boxes that apply. -->
- [x] I have read the [Contributing
Guide](https://yarnpkg.com/advanced/contributing).

<!-- See
https://yarnpkg.com/advanced/contributing#preparing-your-pr-to-be-released
for more details. -->
<!-- Check with `yarn version check` and fix with `yarn version check
-i` -->
- [x] I have set the packages that need to be released for my changes to
be effective.

<!-- The "Testing chores" workflow validates that your PR follows our
guidelines. -->
<!-- If it doesn't pass, click on it to see details as to what your PR
might be missing. -->
- [x] I will check that all automated PR checks pass before the PR gets
reviewed.
  • Loading branch information
@Gudahtt @merceyz
Gudahtt authored and merceyz committed Aug 24, 2024
1 parent a69a09d commit 9395f33
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions packages/acceptance-tests/pkg-tests-core/sources/utils/tests.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -800,6 +800,7 @@ export const getHttpsCertificates = async () => {
csr,
clientKey,
selfSigned: true,
config: [`[v3_req]`, `basicConstraints = critical,CA:TRUE\``].join(`\n`),
});

const serverCSRResult = await createCSR({commonName: `localhost`});
Expand Down

0 comments on commit 9395f33

Please sign in to comment.