From b494ef5bec0269d6dd55c2c94ec436c13d1fa4ce Mon Sep 17 00:00:00 2001 From: Bram Verburg Date: Tue, 25 Jun 2024 11:46:04 +0200 Subject: [PATCH] Support OTP 27 (#73) --- .github/workflows/main.yml | 5 +- lib/x509/date_time.ex | 4 +- lib/x509/private_key.ex | 4 +- lib/x509/rdn_sequence.ex | 2 +- lib/x509/test/server.ex | 10 ++ lib/x509/test/suite.ex | 1 + test/x509/certificate/extension_test.exs | 8 +- test/x509/certificate/validity_test.exs | 2 +- test/x509/certificate_test.exs | 2 +- test/x509/private_key_test.exs | 2 - test/x509/test/server_test.exs | 138 ++++++++++++----------- 11 files changed, 96 insertions(+), 82 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 58f67a1..5c97c33 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,10 +42,13 @@ jobs: - pair: elixir: '1.14.3' otp: '25.3' - lint: lint - pair: elixir: '1.15.1' otp: '26.0.2' + - pair: + elixir: '1.17.1' + otp: '27.0' + lint: lint steps: - uses: actions/checkout@v2 diff --git a/lib/x509/date_time.ex b/lib/x509/date_time.ex index 124ffa2..233a16c 100644 --- a/lib/x509/date_time.ex +++ b/lib/x509/date_time.ex @@ -27,7 +27,7 @@ defmodule X509.DateTime do def utc_time(%DateTime{} = datetime) do iso = DateTime.to_iso8601(datetime, :basic) [_, date, time] = Regex.run(~r/^\d\d(\d{6})T(\d{6})(?:\.\d+)?Z$/, iso) - '#{date}#{time}Z' + ~c"#{date}#{time}Z" end # Builds ASN.1 GeneralTime as charlist @@ -40,7 +40,7 @@ defmodule X509.DateTime do def general_time(%DateTime{} = datetime) do iso = DateTime.to_iso8601(datetime, :basic) [_, date, time] = Regex.run(~r/^(\d{8})T(\d{6})(?:\.\d+)?Z$/, iso) - '#{date}#{time}Z' + ~c"#{date}#{time}Z" end def to_datetime({:utcTime, time}) do diff --git a/lib/x509/private_key.ex b/lib/x509/private_key.ex index 09abb88..ce53032 100644 --- a/lib/x509/private_key.ex +++ b/lib/x509/private_key.ex @@ -236,7 +236,7 @@ defmodule X509.PrivateKey do def from_pem(pem, opts \\ []) do password = opts - |> Keyword.get(:password, '') + |> Keyword.get(:password, ~c"") |> to_charlist() pem @@ -307,6 +307,6 @@ defmodule X509.PrivateKey do end defp cipher_info() do - {'DES-EDE3-CBC', :crypto.strong_rand_bytes(8)} + {~c"DES-EDE3-CBC", :crypto.strong_rand_bytes(8)} end end diff --git a/lib/x509/rdn_sequence.ex b/lib/x509/rdn_sequence.ex index a22c90e..5671437 100644 --- a/lib/x509/rdn_sequence.ex +++ b/lib/x509/rdn_sequence.ex @@ -405,7 +405,7 @@ defmodule X509.RDNSequence do ?A..?Z |> Enum.into([]), ?a..?z |> Enum.into([]), ?0..?9 |> Enum.into([]), - ' \'()+,-./:=?' + ~c" '()+,-./:=?" ] |> List.flatten() diff --git a/lib/x509/test/server.ex b/lib/x509/test/server.ex index c9010bf..f1aad18 100644 --- a/lib/x509/test/server.ex +++ b/lib/x509/test/server.ex @@ -80,9 +80,19 @@ defmodule X509.Test.Server do end defp worker(socket, suite, response) do + # Default certificates and keys, which are overriden by sni_fun according + # to the specific test case. OTP 27 requires that valid certificates and + # keys are passed to the listener socket. + default_cert = X509.Certificate.to_der(suite.valid) + default_key = {:PrivateKeyInfo, X509.PrivateKey.to_der(suite.server_key, wrap: true)} + default_cacerts = suite.chain + opts = [ active: false, + cert: default_cert, + key: default_key, + cacerts: default_cacerts, sni_fun: X509.Test.Suite.sni_fun(suite), reuse_sessions: false ] ++ log_opts() diff --git a/lib/x509/test/suite.ex b/lib/x509/test/suite.ex index 6c24060..d975e37 100644 --- a/lib/x509/test/suite.ex +++ b/lib/x509/test/suite.ex @@ -419,6 +419,7 @@ defmodule X509.Test.Suite do ) do [ cert: X509.Certificate.to_der(valid), + cacerts: [], key: {:PrivateKeyInfo, X509.PrivateKey.to_der(server_key, wrap: true)} ] end diff --git a/test/x509/certificate/extension_test.exs b/test/x509/certificate/extension_test.exs index f006d72..ffbdf2f 100644 --- a/test/x509/certificate/extension_test.exs +++ b/test/x509/certificate/extension_test.exs @@ -63,7 +63,7 @@ defmodule X509.Certificate.ExtensionTest do assert certs.server |> X509.Certificate.extension(:subject_alt_name) |> extension(:extnValue) == - [dNSName: '*.tools.ietf.org', dNSName: 'tools.ietf.org'] + [dNSName: ~c"*.tools.ietf.org", dNSName: ~c"tools.ietf.org"] end test "crl_distribution_points", %{certs: certs} do @@ -73,7 +73,7 @@ defmodule X509.Certificate.ExtensionTest do {:DistributionPoint, {:fullName, [ - uniformResourceIdentifier: 'http://crl.starfieldtech.com/sfig2s1-128.crl' + uniformResourceIdentifier: ~c"http://crl.starfieldtech.com/sfig2s1-128.crl" ]}, :asn1_NOVALUE, :asn1_NOVALUE} ] end @@ -83,10 +83,10 @@ defmodule X509.Certificate.ExtensionTest do |> X509.Certificate.extension(:authority_info_access) |> extension(:extnValue) == [ {:AccessDescription, {1, 3, 6, 1, 5, 5, 7, 48, 1}, - {:uniformResourceIdentifier, 'http://ocsp.starfieldtech.com/'}}, + {:uniformResourceIdentifier, ~c"http://ocsp.starfieldtech.com/"}}, {:AccessDescription, {1, 3, 6, 1, 5, 5, 7, 48, 2}, {:uniformResourceIdentifier, - 'http://certificates.starfieldtech.com/repository/sfig2.crt'}} + ~c"http://certificates.starfieldtech.com/repository/sfig2.crt"}} ] end diff --git a/test/x509/certificate/validity_test.exs b/test/x509/certificate/validity_test.exs index bb590c2..bc7dca5 100644 --- a/test/x509/certificate/validity_test.exs +++ b/test/x509/certificate/validity_test.exs @@ -8,7 +8,7 @@ defmodule X509.Certificate.ValidityTest do validity = X509.Certificate.Validity.new(not_before, not_after) assert <> = :public_key.der_encode(:Validity, validity) - assert {:Validity, {:utcTime, '220101000000Z'}, {:generalTime, '20511231235959Z'}} = + assert {:Validity, {:utcTime, ~c"220101000000Z"}, {:generalTime, ~c"20511231235959Z"}} = :public_key.der_decode(:Validity, der) end end diff --git a/test/x509/certificate_test.exs b/test/x509/certificate_test.exs index c79c6da..10bebf9 100644 --- a/test/x509/certificate_test.exs +++ b/test/x509/certificate_test.exs @@ -116,7 +116,7 @@ defmodule X509.CertificateTest do |> X509.Certificate.extension(:key_usage) |> extension(:extnValue) - assert [rfc822Name: 'end.entity@example.com'] = + assert [rfc822Name: ~c"end.entity@example.com"] = cert2 |> X509.Certificate.extension(:subject_alt_name) |> extension(:extnValue) diff --git a/test/x509/private_key_test.exs b/test/x509/private_key_test.exs index 7567cfa..2aaeed7 100644 --- a/test/x509/private_key_test.exs +++ b/test/x509/private_key_test.exs @@ -64,8 +64,6 @@ defmodule X509.PrivateKeyTest do test "new" do assert match?(ec_private_key(), new_ec(:secp256r1)) assert match?(ec_private_key(), new_ec(oid(:secp256r1))) - - assert_raise(FunctionClauseError, fn -> new_ec(:no_such_curve) end) end test "wrap and unwrap", context do diff --git a/test/x509/test/server_test.exs b/test/x509/test/server_test.exs index 394887b..e21df90 100644 --- a/test/x509/test/server_test.exs +++ b/test/x509/test/server_test.exs @@ -97,14 +97,14 @@ defmodule X509.Test.ServerTest do test "valid", context do assert {:ok, _} = - request('https://valid.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) end test "valid-missing-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -116,7 +116,7 @@ defmodule X509.Test.ServerTest do # intermediate CAs from the provided trust store if version(:ssl) >= [9, 0, 2] do assert {:ok, _} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile_with_chain ) end @@ -124,7 +124,7 @@ defmodule X509.Test.ServerTest do test "valid-expired-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-expired-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-expired-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -133,7 +133,7 @@ defmodule X509.Test.ServerTest do test "valid-revoked-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -142,7 +142,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-key", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-key.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-key.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -151,7 +151,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-host", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-host.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-host.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -167,7 +167,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "valid-cross-signed, cross-signed CA", context do assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) end @@ -176,7 +176,7 @@ defmodule X509.Test.ServerTest do # TODO: this only works with 'best effort' CRL checks; this may be an # issue with the test suite assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacertfile: context.alternate_cacertfile, crl_check: :best_effort ) @@ -188,7 +188,7 @@ defmodule X509.Test.ServerTest do # versions this test would fail if version(:public_key) >= [1, 6] do assert {:ok, _} = - request('https://valid.wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.wildcard.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) end @@ -196,7 +196,7 @@ defmodule X509.Test.ServerTest do test "wildcard, bare domain", context do assert {:error, {:tls_alert, reason}} = - request('https://wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://wildcard.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -206,7 +206,7 @@ defmodule X509.Test.ServerTest do test "invalid.subdomain.wildcard", context do assert {:error, {:tls_alert, reason}} = request( - 'https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/', + ~c"https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -215,7 +215,7 @@ defmodule X509.Test.ServerTest do test "expired", context do assert {:error, {:tls_alert, reason}} = - request('https://expired.#{context.suite.domain}:#{context.port}/', + request(~c"https://expired.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -224,7 +224,7 @@ defmodule X509.Test.ServerTest do test "revoked", context do assert {:error, {:tls_alert, reason}} = - request('https://revoked.#{context.suite.domain}:#{context.port}/', + request(~c"https://revoked.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -233,7 +233,7 @@ defmodule X509.Test.ServerTest do test "selfsigned", context do assert {:error, {:tls_alert, reason}} = - request('https://selfsigned.#{context.suite.domain}:#{context.port}/', + request(~c"https://selfsigned.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -242,7 +242,7 @@ defmodule X509.Test.ServerTest do test "client-cert", context do assert {:error, error} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -264,7 +264,7 @@ defmodule X509.Test.ServerTest do end assert {:ok, _} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.chain ++ context.suite.cacerts, cert: X509.Certificate.to_der(context.suite.client), key: {:RSAPrivateKey, X509.PrivateKey.to_der(context.suite.client_key)} @@ -277,14 +277,14 @@ defmodule X509.Test.ServerTest do test "valid", context do assert {:ok, _} = - request('https://valid.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) end test "valid-missing-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -300,7 +300,7 @@ defmodule X509.Test.ServerTest do # issuer of the peer certificate in this case is taken from `cacerts`, # no CRL checks can be performed assert {:ok, _} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ++ context.suite.chain, crl_check: false ) @@ -309,7 +309,7 @@ defmodule X509.Test.ServerTest do test "valid-expired-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-expired-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-expired-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -321,7 +321,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "valid-revoked-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -330,7 +330,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-key", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-key.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-key.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -339,7 +339,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-host", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-host.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-host.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -355,7 +355,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "valid-cross-signed, cross-signed CA", context do assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) end @@ -364,7 +364,7 @@ defmodule X509.Test.ServerTest do # TODO: this does not work with CRL checks at all, not even peer-only; # this may be an issue with the test suite assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.alternate_cacerts, crl_check: false ) @@ -376,7 +376,7 @@ defmodule X509.Test.ServerTest do # versions this test would fail if version(:public_key) >= [1, 6] do assert {:ok, _} = - request('https://valid.wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.wildcard.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) end @@ -384,7 +384,7 @@ defmodule X509.Test.ServerTest do test "wildcard, bare domain", context do assert {:error, {:tls_alert, reason}} = - request('https://wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://wildcard.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -394,7 +394,7 @@ defmodule X509.Test.ServerTest do test "invalid.subdomain.wildcard", context do assert {:error, {:tls_alert, reason}} = request( - 'https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/', + ~c"https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -403,7 +403,7 @@ defmodule X509.Test.ServerTest do test "expired", context do assert {:error, {:tls_alert, reason}} = - request('https://expired.#{context.suite.domain}:#{context.port}/', + request(~c"https://expired.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -416,7 +416,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "revoked", context do assert {:error, {:tls_alert, reason}} = - request('https://revoked.#{context.suite.domain}:#{context.port}/', + request(~c"https://revoked.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -425,7 +425,7 @@ defmodule X509.Test.ServerTest do test "selfsigned", context do assert {:error, {:tls_alert, reason}} = - request('https://selfsigned.#{context.suite.domain}:#{context.port}/', + request(~c"https://selfsigned.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -434,7 +434,7 @@ defmodule X509.Test.ServerTest do test "client-cert", context do assert {:error, error} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -456,7 +456,7 @@ defmodule X509.Test.ServerTest do end assert {:ok, _} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.chain ++ context.suite.cacerts, cert: X509.Certificate.to_der(context.suite.client), key: {:RSAPrivateKey, X509.PrivateKey.to_der(context.suite.client_key)} @@ -471,14 +471,14 @@ defmodule X509.Test.ServerTest do test "valid", context do assert {:ok, _} = - request('https://valid.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) end test "valid-missing-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -490,7 +490,8 @@ defmodule X509.Test.ServerTest do # intermediate CAs from the provided trust store if version(:ssl) >= [9, 0, 2] do assert {:ok, _} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request( + ~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile_with_chain ) end @@ -498,7 +499,7 @@ defmodule X509.Test.ServerTest do test "valid-expired-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-expired-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-expired-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -507,7 +508,7 @@ defmodule X509.Test.ServerTest do test "valid-revoked-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -516,7 +517,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-key", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-key.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-key.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -525,7 +526,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-host", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-host.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-host.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -541,7 +542,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "valid-cross-signed, cross-signed CA", context do assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) end @@ -550,7 +551,7 @@ defmodule X509.Test.ServerTest do # TODO: this only works with 'best effort' CRL checks; this may be an # issue with the test suite assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacertfile: context.alternate_cacertfile, crl_check: :best_effort ) @@ -562,7 +563,7 @@ defmodule X509.Test.ServerTest do # versions this test would fail if version(:public_key) >= [1, 6] do assert {:ok, _} = - request('https://valid.wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.wildcard.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) end @@ -570,7 +571,7 @@ defmodule X509.Test.ServerTest do test "wildcard, bare domain", context do assert {:error, {:tls_alert, reason}} = - request('https://wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://wildcard.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -580,7 +581,7 @@ defmodule X509.Test.ServerTest do test "invalid.subdomain.wildcard", context do assert {:error, {:tls_alert, reason}} = request( - 'https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/', + ~c"https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -589,7 +590,7 @@ defmodule X509.Test.ServerTest do test "expired", context do assert {:error, {:tls_alert, reason}} = - request('https://expired.#{context.suite.domain}:#{context.port}/', + request(~c"https://expired.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -598,7 +599,7 @@ defmodule X509.Test.ServerTest do test "revoked", context do assert {:error, {:tls_alert, reason}} = - request('https://revoked.#{context.suite.domain}:#{context.port}/', + request(~c"https://revoked.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -607,7 +608,7 @@ defmodule X509.Test.ServerTest do test "selfsigned", context do assert {:error, {:tls_alert, reason}} = - request('https://selfsigned.#{context.suite.domain}:#{context.port}/', + request(~c"https://selfsigned.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -616,7 +617,7 @@ defmodule X509.Test.ServerTest do test "client-cert", context do assert {:error, error} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacertfile: context.cacertfile ) @@ -638,7 +639,7 @@ defmodule X509.Test.ServerTest do end assert {:ok, _} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.chain ++ context.suite.cacerts, cert: X509.Certificate.to_der(context.suite.client), key: {:ECPrivateKey, X509.PrivateKey.to_der(context.suite.client_key)} @@ -651,14 +652,14 @@ defmodule X509.Test.ServerTest do test "valid", context do assert {:ok, _} = - request('https://valid.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) end test "valid-missing-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -674,7 +675,8 @@ defmodule X509.Test.ServerTest do # issuer of the peer certificate in this case is taken from `cacerts`, # no CRL checks can be performed assert {:ok, _} = - request('https://valid-missing-chain.#{context.suite.domain}:#{context.port}/', + request( + ~c"https://valid-missing-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ++ context.suite.chain, crl_check: false ) @@ -683,7 +685,7 @@ defmodule X509.Test.ServerTest do test "valid-expired-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-expired-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-expired-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -695,7 +697,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "valid-revoked-chain", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-revoked-chain.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -704,7 +706,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-key", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-key.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-key.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -713,7 +715,7 @@ defmodule X509.Test.ServerTest do test "valid-wrong-host", context do assert {:error, {:tls_alert, reason}} = - request('https://valid-wrong-host.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-wrong-host.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -729,7 +731,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "valid-cross-signed, cross-signed CA", context do assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) end @@ -738,7 +740,7 @@ defmodule X509.Test.ServerTest do # TODO: this does not work with CRL checks at all, not even peer-only; # this may be an issue with the test suite assert {:ok, _} = - request('https://valid-cross-signed.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid-cross-signed.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.alternate_cacerts, crl_check: false ) @@ -750,7 +752,7 @@ defmodule X509.Test.ServerTest do # versions this test would fail if version(:public_key) >= [1, 6] do assert {:ok, _} = - request('https://valid.wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://valid.wildcard.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) end @@ -758,7 +760,7 @@ defmodule X509.Test.ServerTest do test "wildcard, bare domain", context do assert {:error, {:tls_alert, reason}} = - request('https://wildcard.#{context.suite.domain}:#{context.port}/', + request(~c"https://wildcard.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -768,7 +770,7 @@ defmodule X509.Test.ServerTest do test "invalid.subdomain.wildcard", context do assert {:error, {:tls_alert, reason}} = request( - 'https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/', + ~c"https://invalid.subdomain.wildcard.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -777,7 +779,7 @@ defmodule X509.Test.ServerTest do test "expired", context do assert {:error, {:tls_alert, reason}} = - request('https://expired.#{context.suite.domain}:#{context.port}/', + request(~c"https://expired.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -790,7 +792,7 @@ defmodule X509.Test.ServerTest do @tag :known_to_fail test "revoked", context do assert {:error, {:tls_alert, reason}} = - request('https://revoked.#{context.suite.domain}:#{context.port}/', + request(~c"https://revoked.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -799,7 +801,7 @@ defmodule X509.Test.ServerTest do test "selfsigned", context do assert {:error, {:tls_alert, reason}} = - request('https://selfsigned.#{context.suite.domain}:#{context.port}/', + request(~c"https://selfsigned.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -808,7 +810,7 @@ defmodule X509.Test.ServerTest do test "client-cert", context do assert {:error, error} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.cacerts ) @@ -830,7 +832,7 @@ defmodule X509.Test.ServerTest do end assert {:ok, _} = - request('https://client-cert.#{context.suite.domain}:#{context.port}/', + request(~c"https://client-cert.#{context.suite.domain}:#{context.port}/", cacerts: context.suite.chain ++ context.suite.cacerts, cert: X509.Certificate.to_der(context.suite.client), key: {:ECPrivateKey, X509.PrivateKey.to_der(context.suite.client_key)}