Select single-name SSL certificate for test servers using host network

On Windows and macOS, the containers are deployed into a virtual
machine using the host network. All the containers share the same
hostname (qt-test-server), and they are connected to the same network
domain (local).

When running test in such platforms, use the single-name SSL certificate
(qt-test-server.local) for SSL related tests.

Change-Id: Idf33e01e8dd8814510d848b87b59b5fc0edc903e
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
This commit is contained in:
Ryan Chu 2019-01-25 22:48:29 +01:00 committed by Liang Qi
parent d8d60696da
commit 71cd5a6f36
7 changed files with 56 additions and 6 deletions

View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC
UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v
Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE
BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1
NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD
b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL
BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD
ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6
2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR
9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG
9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2
FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU
G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg==
-----END CERTIFICATE-----

View File

@ -550,8 +550,15 @@ static void setupSslServer(QSslSocket* serverSocket)
}
#ifdef QT_TEST_SERVER
#ifdef QT_TEST_SERVER_NAME
// In this case, each server is assigned a unique hostname. Use the wildcard SSL
// certificate (*.test-net.qt.local).
const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-net-cacert.pem";
#else
// Otherwise, select the single-name SSL certificate (qt-test-server.local) instead.
const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-host-network-cacert.pem";
#endif // QT_TEST_SERVER_NAME
#else
const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-cacert.pem";
#endif

View File

@ -62,7 +62,19 @@ isEmpty(TESTSERVER_VERSION) {
# Make check with server "qt-test-server.qt-test-net" as a fallback
} else {
# Make check with docker test servers
DNSDOMAIN = test-net.qt.local
equals(QMAKE_HOST.os, Linux) {
# For the platform supporting docker bridge network, each container is
# assigned a unique hostname and connected to the same network domain
# to communicate with the others.
DEFINES += QT_TEST_SERVER_NAME
DNSDOMAIN = test-net.qt.local
} else {
# For the others, the containers are deployed into a virtual machine
# using the host network. All the containers share the same hostname of
# the virtual machine, and they are connected to the same network domain.
# NOTE: In Windows, Apple Bonjour only works within a single local domain.
DNSDOMAIN = local
}
equals(QMAKE_HOST.os, Darwin) {
# There is no docker bridge on macOS. It is impossible to ping a container.
@ -86,9 +98,6 @@ isEmpty(TESTSERVER_VERSION) {
TESTSERVER_COMPOSE_FILE = \
$$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose-for-windows.yml
# Bonjour only works within a single broadcast domain.
DNSDOMAIN = local
# The connection configuration for the target machine
MACHINE_CONFIG = (docker-machine config qt-test-server)
@ -104,7 +113,6 @@ isEmpty(TESTSERVER_VERSION) {
CONFIG += PowerShell
} else {
TESTSERVER_COMPOSE_FILE = $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose.yml
DEFINES += QT_TEST_SERVER_NAME
# The environment variables passed to the docker-compose file
TEST_ENV = 'TEST_DOMAIN=$$DNSDOMAIN'

View File

@ -35,5 +35,6 @@ set -ex
# install ssl_certs and test data
su $USER -c "mkdir -p -m 700 ~/ssl-certs/private"
su $USER -c "cp $CONFIG/ssl/qt-test-server-cert.pem ~/ssl-certs/"
su $USER -c \
"cp $CONFIG/ssl/${test_cert:-qt-test-server-cert.pem} ~/ssl-certs/qt-test-server-cert.pem"
su $USER -c "cp $CONFIG/ssl/private/qt-test-server-key.pem ~/ssl-certs/private/"

View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC
UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v
Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE
BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1
NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD
b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL
BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD
ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6
2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR
9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG
9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2
FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU
G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg==
-----END CERTIFICATE-----

View File

@ -25,6 +25,7 @@ services:
- "qt-test-server.${TEST_DOMAIN}:${MACHINE_IP}"
environment:
- test_domain=${TEST_DOMAIN}
- test_cert="qt-test-server-host-network-cacert.pem"
squid:
image: qt-test-server-squid:9c32f41b19aca3d778733c4d8fb0ecc5955e893c

View File

@ -25,6 +25,7 @@ services:
- "qt-test-server.${TEST_DOMAIN}:${MACHINE_IP}"
environment:
- test_domain=${TEST_DOMAIN}
- test_cert="qt-test-server-host-network-cacert.pem"
squid:
image: qt-test-server-squid:9c32f41b19aca3d778733c4d8fb0ecc5955e893c