
Merge pull request #14951 from lukebakken/docker-library_rabbitmq-652

Set CN to container DNS name
Tianon Gravi 2 年之前
父节点
当前提交
8fce1b5e36

+ 17 - 0
test/tests/rabbitmq-tls/inet-dist-tls.config

@@ -0,0 +1,17 @@
+[
+    {server, [
+        {cacertfile,"/certs/ca.crt"},
+        {certfile, "/certs/cert.crt"},
+        {keyfile, "/certs/private.key"},
+        {secure_renegotiate, true},
+        {verify, verify_peer},
+        {fail_if_no_peer_cert, true}
+    ]},
+    {client, [
+        {cacertfile,"/certs/ca.crt"},
+        {certfile, "/certs/cert.crt"},
+        {keyfile, "/certs/private.key"},
+        {secure_renegotiate, true},
+        {verify, verify_peer}
+    ]}
+].
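Review bot: The file has no header comment, so a reader does not learn that it is loaded through `-ssl_dist_optfile` from rabbitmq-env.conf or why the server section demands a client certificate (`fail_if_no_peer_cert`) while the client section does not mirror it; a top-of-file comment such as `%% TLS options for Erlang distribution (inet_tls); loaded via -ssl_dist_optfile from rabbitmq-env.conf` would cover that. The client section enables `verify_peer` but nothing in this file pins the expected peer name, so the CN-to-container-name change in the same commit only rejects a wrongly named peer if Erlang's ssl applies its default hostname check to distribution connections — worth recording as an assumption, e.g. `%% client relies on ssl's default hostname verification against the node's CN`. Minor style: `{cacertfile,"/certs/ca.crt"}` (both sections) lacks the space after the comma that every other tuple has.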

+ 2 - 4
test/tests/rabbitmq-tls/rabbitmq-env.conf

@@ -3,13 +3,11 @@
 # https://www.rabbitmq.com/clustering-ssl.html
 ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
 
-sslErlArgs="-pa $ERL_SSL_PATH 
-    -proto_dist inet_tls
-    -ssl_dist_opt server_certfile /certs/combined.pem
-    -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
+sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inet-dist-tls.config"
 
 SERVER_ADDITIONAL_ERL_ARGS="$sslErlArgs"
 CTL_ERL_ARGS="$sslErlArgs"
+
 if [ -n "$ERLANG_COOKIE" ]; then
 	SERVER_ADDITIONAL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS -setcookie $ERLANG_COOKIE"
 	CTL_ERL_ARGS="$CTL_ERL_ARGS -setcookie $ERLANG_COOKIE"
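Review bot: The new `sslErlArgs` line hard-codes `/etc/rabbitmq/inet-dist-tls.config`, a path that is only satisfied because run.sh's Dockerfile COPY glob was widened to `dir/*.conf*` in the same commit; a comment recording that coupling would stop a future rename of either side from silently breaking distribution TLS, e.g. `# inet-dist-tls.config is installed next to this file by the test Dockerfile (COPY dir/*.conf*)`. With `server_certfile /certs/combined.pem` removed, combined.pem is no longer referenced from this file; if rabbitmq.conf does not use it either, the run.sh step that builds and chmods it looks dead now, though that cannot be confirmed from this hunk.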

+ 5 - 5
test/tests/rabbitmq-tls/run.sh

@@ -1,9 +1,10 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
+cname="rabbitmq-container-$RANDOM-$RANDOM"
 dir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
 serverImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-server "$1")"
+
 "$dir/../docker-build.sh" "$dir" "$serverImage" <<EOD
 FROM $1
 RUN set -eux; \
@@ -13,10 +14,10 @@ RUN set -eux; \
 		-key /certs/ca-private.key \
 		-out /certs/ca.crt \
 		-days $(( 365 * 30 )) \
-		-subj '/CN=lolca'; \
+		-subj '/CN=$cname-CA'; \
 	openssl genrsa -out /certs/private.key 4096; \
 	openssl req -new -key /certs/private.key \
-		-out /certs/cert.csr -subj '/CN=lolcert'; \
+		-out /certs/cert.csr -subj '/CN=$cname'; \
 	openssl x509 -req -in /certs/cert.csr \
 		-CA /certs/ca.crt -CAkey /certs/ca-private.key -CAcreateserial \
 		-out /certs/cert.crt -days $(( 365 * 30 )); \
@@ -25,7 +26,7 @@ RUN set -eux; \
 	chmod 0400 /certs/combined.pem; \
 	chown -R rabbitmq:rabbitmq /certs
 
-COPY --chown=rabbitmq:rabbitmq dir/*.conf /etc/rabbitmq/
+COPY --chown=rabbitmq:rabbitmq dir/*.conf* /etc/rabbitmq/
 EOD
 
 testImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-test "$1")"
@@ -44,7 +45,6 @@ EOD
 
 export ERLANG_COOKIE="rabbitmq-erlang-cookie-$RANDOM-$RANDOM"
 
-cname="rabbitmq-container-$RANDOM-$RANDOM"
 cid="$(docker run -d --name "$cname" --hostname "$cname" -e ERLANG_COOKIE "$serverImage")"
 trap "docker rm -vf $cid > /dev/null" EXIT