8b90d4a27c
Allow for tagged values for a few more rabbitmq.conf settings
2024-08-13 16:27:00 -04:00
01092ff31f
(c) year bumps
2024-01-01 22:02:20 -05:00
1b642353ca
Update (c) according to [1]
...
1. https://investors.broadcom.com/news-releases/news-release-details/broadcom-and-vmware-intend-close-transaction-november-22-2023
2023-11-21 23:18:22 -05:00
13087a09b4
Fix trust store system_SUITE for both OTP-25 and OTP-26
...
Due to problems with TLS 1.3 clients in OTP-25 we have to continue
using TLS 1.2 until we can drop OTP-25. Similarly, certificate
chain verification is disabled in tests (verify_none) until we
can drop OTP-25.
2023-04-27 12:08:26 +02:00
948bd35343
Explicitly set verify_peer in one test to see if it fixes it
2023-04-26 18:22:02 +02:00
4d4310806b
Fix for OTP-26 and small refactor of system_SUITE
...
The test failure was caused by a certificate generated with
an insecure digest and cipher, which resulted in the client
not sending the certificate to the server.
The client will now do a CA check of the server it connects to.
The TLS version used by the client was set to the default and
will likely use TLS 1.3 now. Note that client CA verification
is unrelated to the trust store certificate verification.
2023-04-26 17:32:43 +02:00
0ef634c563
Fix validation_success_for_AMQP_client for OTP-26
...
The test was also not testing what it claimed to test
(it was using verify_none so not sending the client
certificates). This commit fixed that as well.
2023-04-14 12:26:36 +02:00
a3e63d5890
Fix pkix_test_data code based on PR feedback
2023-04-04 17:17:15 +02:00
53c6d19434
Update ct_helper
...
Since ct_helper removes erl_make_certs some tests needed
to be updated to use public_key:pkix_test_data/1 instead.
2023-04-04 13:01:33 +02:00
ec4f1dba7d
(c) year bump: 2022 => 2023
2023-01-01 23:17:36 -05:00
2d44bb3d84
Use tlsv1.2 in //deps/rabbitmq_trust_store:system_SUITE
...
See https://github.com/erlang/otp/issues/6105#issuecomment-1168922864
2022-09-18 13:58:03 +02:00
c38a3d697d
Bump (c) year
2022-03-21 01:21:56 +04:00
a41ece3950
Make ranch parameter `num_conns_sups` configurable
...
Defaults to 1
rabbit - num_conns_sup
rabbitmq_mqtt - num_conns_sup
rabbitmq_stomp - num_conns_sup
2021-03-18 21:38:13 +01:00
52479099ec
Bump (c) year
2021-01-22 09:00:14 +03:00
6385021315
Treat ssl:setopts/2 timeout as a valid failure reason in test
...
This should reduce, but not eliminate test flakes, as setopts can hang
occasionally during what should be valid connection attempts.
However, since setopts call occurs late in the connection process, it
seems safe to assume that the connection won't otherwise succeed, and
therefore if it does hang in a test case where we expect the
connection to fail, it would have failed anyway, and the assertion of
the test case is met
2020-10-21 20:50:34 +02:00
741048c180
Update assertions in rabbitmq_trust_store system_SUITE
...
The docker image used in GitHub Actions with Erlang 23 produces different
errors when SSL connections fail. This adds these variants to those allowed
by the system_SUITE
2020-10-21 14:31:27 +02:00
a05f8886f6
system_SUITE: Adapt to Erlang 24's ssl application
...
* DSA key were apparently dropped
* Some return values were updated
2020-08-05 19:48:17 +02:00
7ec143bf9d
Switch to MPL2
2020-07-15 02:52:01 +03:00
7f35c3c79a
Update copyright (year 2020)
2020-03-10 17:00:40 +01:00
dd0a171b4c
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.listincomprehension.com/search/label/procket (200) with 1 occurrences could not be migrated:
([https](https://blog.listincomprehension.com/search/label/procket ) result ClosedChannelException).
* http://dozzie.jarowit.net/trac/wiki/TOML (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/TOML ) result SSLHandshakeException).
* http://dozzie.jarowit.net/trac/wiki/subproc (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/subproc ) result SSLHandshakeException).
* http://e2project.org (200) with 1 occurrences could not be migrated:
([https](https://e2project.org ) result AnnotatedConnectException).
* http://nitrogenproject.com/ (200) with 2 occurrences could not be migrated:
([https](https://nitrogenproject.com/ ) result ConnectTimeoutException).
* http://proper.softlab.ntua.gr (200) with 1 occurrences could not be migrated:
([https](https://proper.softlab.ntua.gr ) result SSLHandshakeException).
* http://yaws.hyber.org (200) with 1 occurrences could not be migrated:
([https](https://yaws.hyber.org ) result AnnotatedConnectException).
* http://choven.ca (503) with 1 occurrences could not be migrated:
([https](https://choven.ca ) result ConnectTimeoutException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://fixprotocol.org/ (301) with 1 occurrences migrated to:
https://fixtrading.org ([https](https://fixprotocol.org/ ) result SSLHandshakeException).
* http://erldb.org (UnknownHostException) with 1 occurrences migrated to:
https://erldb.org ([https](https://erldb.org ) result UnknownHostException).
* http://example.cert.url/path (UnknownHostException) with 3 occurrences migrated to:
https://example.cert.url/path ([https](https://example.cert.url/path ) result UnknownHostException).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://cloudi.org/ with 27 occurrences migrated to:
https://cloudi.org/ ([https](https://cloudi.org/ ) result 200).
* http://erlware.org/ with 1 occurrences migrated to:
https://erlware.org/ ([https](https://erlware.org/ ) result 200).
* http://example.com with 2 occurrences migrated to:
https://example.com ([https](https://example.com ) result 200).
* http://inaka.github.io/cowboy-trails/ with 1 occurrences migrated to:
https://inaka.github.io/cowboy-trails/ ([https](https://inaka.github.io/cowboy-trails/ ) result 200).
* http://ninenines.eu with 6 occurrences migrated to:
https://ninenines.eu ([https](https://ninenines.eu ) result 200).
* http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html with 1 occurrences migrated to:
https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html ([https](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html ) result 200).
* http://www.actordb.com/ with 2 occurrences migrated to:
https://www.actordb.com/ ([https](https://www.actordb.com/ ) result 200).
* http://www.cs.kent.ac.uk/projects/wrangler/Home.html with 1 occurrences migrated to:
https://www.cs.kent.ac.uk/projects/wrangler/Home.html ([https](https://www.cs.kent.ac.uk/projects/wrangler/Home.html ) result 200).
* http://www.rabbitmq.com/community-plugins.html with 1 occurrences migrated to:
https://www.rabbitmq.com/community-plugins.html ([https](https://www.rabbitmq.com/community-plugins.html ) result 200).
* http://www.rabbitmq.com/plugin-development.html with 1 occurrences migrated to:
https://www.rabbitmq.com/plugin-development.html ([https](https://www.rabbitmq.com/plugin-development.html ) result 200).
* http://www.rabbitmq.com/plugins.html with 1 occurrences migrated to:
https://www.rabbitmq.com/plugins.html ([https](https://www.rabbitmq.com/plugins.html ) result 200).
* http://www.rebar3.org with 1 occurrences migrated to:
https://www.rebar3.org ([https](https://www.rebar3.org ) result 200).
* http://contributor-covenant.org with 1 occurrences migrated to:
https://contributor-covenant.org ([https](https://contributor-covenant.org ) result 301).
* http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to:
https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/ ) result 301).
* http://inaka.github.com/apns4erl with 1 occurrences migrated to:
https://inaka.github.com/apns4erl ([https](https://inaka.github.com/apns4erl ) result 301).
* http://inaka.github.com/edis/ with 1 occurrences migrated to:
https://inaka.github.com/edis/ ([https](https://inaka.github.com/edis/ ) result 301).
* http://lasp-lang.org/ with 1 occurrences migrated to:
https://lasp-lang.org/ ([https](https://lasp-lang.org/ ) result 301).
* http://saleyn.github.com/erlexec with 1 occurrences migrated to:
https://saleyn.github.com/erlexec ([https](https://saleyn.github.com/erlexec ) result 301).
* http://www.mozilla.org/MPL/ with 4 occurrences migrated to:
https://www.mozilla.org/MPL/ ([https](https://www.mozilla.org/MPL/ ) result 301).
* http://zhongwencool.github.io/observer_cli with 1 occurrences migrated to:
https://zhongwencool.github.io/observer_cli ([https](https://zhongwencool.github.io/observer_cli ) result 301).
# Ignored
These URLs were intentionally ignored.
* http://127.0.0.1 with 1 occurrences
* http://127.0.0.1:8000/ with 1 occurrences
2019-03-20 03:24:48 -05:00
5e301b09c1
Handle OTP-21.3 TLS errors.
2019-03-18 17:35:57 -04:00
ca3612ba62
Explain why each group uses a dedicated node
...
Pair: @kjnilsson.
2018-09-12 15:16:25 +02:00
d1e8ac6c8e
Start a node per test group
...
They use different plugin configurations.
Pairs: @kjnilsson, @dumbbell.
2018-09-12 14:50:19 +02:00
60a09423a7
Don't assert on function name
...
Pair: @kjnilsson.
2018-09-12 13:50:15 +02:00
4fc10741f0
Tear down whitelisted certificate dir between group runs
...
Investigating test interference in CI.
Pair: @kjnilsson.
2018-09-12 13:49:35 +02:00
89abc070ad
Fix remaining tests
2017-12-11 07:00:04 -08:00
9197a78849
Begin fixing tests
2017-12-11 07:00:04 -08:00
44d58aba6c
Config schema test for plugin
...
Part of [#141481501 ]
Moved from rabbitmq-server
2017-03-17 11:02:25 +00:00
605cecd816
system_SUITE: Work around file provider issue in `list` testcase
...
The file provider uses stat(2) which has a resolution of one second in
Erlang. Thus, the refresh may miss the new test certificates if the
creation happens in the same second after the previous refresh.
References #58 .
2017-03-15 12:31:22 +01:00
cf10607ddb
system_SUITE: Accept `{error, closed}` as connection failures
...
With Erlang 18.3, there is a regression which causes the SSL connection
to crash with the following exception:
** {badarg,[{ets,update_counter,[1507362,#Ref<0.0.3.9>,-1],[]},
{ssl_pkix_db,ref_count,3,...
When this exception reaches the connection process before the expected
TLS error, amqp_connection:start() returns `{error, closed}` instead.
Now, testcases tolerate `{error, closed}` as a return value: we know
that the connection was indeed terminated.
Signed-off: Gerhard Lazu <gerhard@rabbitmq.com>
2017-03-13 17:57:22 +01:00
800bedeb78
system_SUITE: Wait 5 seconds in wait_for_trust_store_refresh()
...
... instead of 2 seconds. Hopefully, this increases the chance of test
success.
The real fix would be to explicitely verify that the trust store was
refreshed.
2017-03-08 09:40:29 +01:00
6606c712db
Test http provider
2017-02-08 16:07:53 +00:00
e9b35b9b5d
system_SUITE: Increase timetrap to 3 minutes
2017-02-08 13:24:31 +00:00
fe375a69ca
Refactor tests to be provider agnostic
2017-02-08 13:24:06 +00:00
a973da27c7
Removing test logs
2017-01-17 14:35:23 +00:00
2b412bdb7d
Add/delete certificate providers in realtime
2017-01-17 14:35:23 +00:00
0cee5aaccf
system_SUITE: Ensure SSL listeners are stopped
...
Because if a previous testcase fails, it won't have terminated its own
listener.
[#135953005 ]
2016-12-12 18:17:45 +01:00
96a7290019
Correct a typo
2016-06-23 16:29:16 +03:00
5935bedaf4
Validate the peer in a presented certificate chain
2016-06-23 13:28:33 +01:00
870833131c
Function to list loaded certs
2016-06-21 16:01:01 +01:00
8c1e1155d1
handle invalid and badly formatted certificatates
...
- add logging
2016-06-20 18:04:44 +01:00
675ff4c4c3
Move to common test
...
- use the private directory for the test run instead of TMPDIR
- use dynamic TCP port allocation
- get hostname from test configuration
- do not use hardcoded tcp port numbers
- don't test for the existence of the whitelist directory
- increase test timeout
- create test dir per test case
- use ct groups
- use a subdirectory of the certs directory for trust store certs
Fixes #29 .
2016-06-20 18:32:38 +02:00
9ea50eff8f
ensure that a replaced certificate with the same
...
name is picked up
- add test for replacing cert with same name
- disable use of ssl session cache
- gitignore
- document use of reuse_sessions
2016-05-18 10:16:52 +01:00
8b9ebb94c4
test refactoring:
...
- improve naming
- remove trailing whitespace
- add parens to make logic more explicit
- shorten long lines
- switch to using a proplist getter instead of lists:keyfind
2016-05-17 11:16:28 +01:00
c165bd4183
ensure binary directory paths are handled
2016-05-06 10:23:28 +01:00
d9f9f6cca5
Updated components.mk. Added setup/teardown to tests
2016-04-14 16:07:31 +01:00
765000d066
Delete directory tree in test cases with a library procedure
2016-02-24 18:07:28 +01:00
2c111d2d55
Test with a "whitelist" directory under TMPDIR
...
This reverts changes made in an earlier commit.
2016-02-24 17:05:30 +01:00
20ca1a2dea
Make & remove a data directory for each test case
...
We need somewhere to write and remove certificate files. The test set
uses a directory `data` which is relative to it's current path. It's
an improvement over what was there before becuase this is more
contained and portable between OSs.
2016-02-16 16:38:07 +01:00
b2d9455cc3
Change how `refresh_interval` is configured to be in line with README
2016-02-16 10:04:36 +01:00
Michael Klishin
Michael Klishin
Loïc Hoguin
Michael Klishin
Rin Kuryloski
dcorbacho
Jean-Sébastien Pédron
Spring Operator
Daniil Fedotov
Luke Bakken
Luke Bakken
Daniil Fedotov
kjnilsson
kjnilsson
Joseph Yiasemides