From 05ca44280aed90319c1826fa63b993e0a2ff880c Mon Sep 17 00:00:00 2001 From: Reuben Miller Date: Wed, 19 Jun 2024 13:39:27 +0200 Subject: [PATCH] tests: include loopback address in alternative names when generating certs for localhost Signed-off-by: Reuben Miller --- crates/common/axum_tls/test_data/_regenerate_certs.sh | 2 +- .../tests/cumulocity/configuration/generate_certificates.sh | 4 ++-- tests/RobotFramework/tests/mqtt/gen_certs.sh | 2 +- tests/images/debian-systemd/files/bootstrap.sh | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crates/common/axum_tls/test_data/_regenerate_certs.sh b/crates/common/axum_tls/test_data/_regenerate_certs.sh index aac21b159a6..6926d40cae0 100755 --- a/crates/common/axum_tls/test_data/_regenerate_certs.sh +++ b/crates/common/axum_tls/test_data/_regenerate_certs.sh @@ -6,7 +6,7 @@ days=365000 args=("-days" "$days" "-noenc" \ -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,DNS:*.localhost" \ + -addext "subjectAltName=DNS:localhost,DNS:*.localhost,IP:127.0.0.1" \ -addext "basicConstraints=critical,CA:false") set -eux diff --git a/tests/RobotFramework/tests/cumulocity/configuration/generate_certificates.sh b/tests/RobotFramework/tests/cumulocity/configuration/generate_certificates.sh index e24e047a9ff..138cc8ba806 100755 --- a/tests/RobotFramework/tests/cumulocity/configuration/generate_certificates.sh +++ b/tests/RobotFramework/tests/cumulocity/configuration/generate_certificates.sh @@ -30,7 +30,7 @@ authorityKeyIdentifier=keyid basicConstraints=CA:FALSE keyUsage = digitalSignature, keyAgreement extendedKeyUsage = serverAuth, clientAuth -subjectAltName=DNS:localhost,IP:$C8Y_PROXY_COMMON_NAME +subjectAltName=DNS:localhost,IP:$C8Y_PROXY_COMMON_NAME,IP:127.0.0.1 EOF openssl x509 -req \ @@ -49,7 +49,7 @@ authorityKeyIdentifier=keyid basicConstraints=CA:FALSE keyUsage = digitalSignature, keyAgreement extendedKeyUsage = serverAuth, clientAuth -subjectAltName=DNS:localhost,IP:$FTS_COMMON_NAME +subjectAltName=DNS:localhost,IP:$FTS_COMMON_NAME,IP:127.0.0.1 EOF openssl genrsa -out main-agent.key 2048 diff --git a/tests/RobotFramework/tests/mqtt/gen_certs.sh b/tests/RobotFramework/tests/mqtt/gen_certs.sh index 06ede937419..00db412cfb4 100644 --- a/tests/RobotFramework/tests/mqtt/gen_certs.sh +++ b/tests/RobotFramework/tests/mqtt/gen_certs.sh @@ -21,7 +21,7 @@ cat > v3.ext << EOF authorityKeyIdentifier=keyid basicConstraints=CA:FALSE keyUsage = digitalSignature, keyAgreement -subjectAltName=DNS:$(hostname),DNS:localhost +subjectAltName=DNS:$(hostname),DNS:localhost,IP:127.0.0.1 EOF openssl x509 -req \ diff --git a/tests/images/debian-systemd/files/bootstrap.sh b/tests/images/debian-systemd/files/bootstrap.sh index 259834c68d1..b0448c31837 100755 --- a/tests/images/debian-systemd/files/bootstrap.sh +++ b/tests/images/debian-systemd/files/bootstrap.sh @@ -695,7 +695,7 @@ gen_certs() { authorityKeyIdentifier=keyid basicConstraints=CA:FALSE keyUsage = digitalSignature, keyAgreement - subjectAltName=DNS:$(hostname), DNS:localhost + subjectAltName=DNS:$(hostname), DNS:localhost, IP:127.0.0.1 EOF openssl x509 -req \ @@ -774,7 +774,7 @@ authorityKeyIdentifier=keyid basicConstraints=CA:FALSE keyUsage = digitalSignature, keyAgreement extendedKeyUsage = serverAuth, clientAuth -subjectAltName=DNS:${CN},DNS:localhost +subjectAltName=DNS:${CN},DNS:localhost,IP:127.0.0.1 EOF )