summaryrefslogtreecommitdiff
path: root/spec/integration/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'spec/integration/ssl')
-rwxr-xr-xspec/integration/ssl/certificate_authority_spec.rb26
-rwxr-xr-xspec/integration/ssl/certificate_request_spec.rb6
-rwxr-xr-xspec/integration/ssl/certificate_revocation_list_spec.rb2
-rwxr-xr-xspec/integration/ssl/host_spec.rb2
4 files changed, 26 insertions, 10 deletions
diff --git a/spec/integration/ssl/certificate_authority_spec.rb b/spec/integration/ssl/certificate_authority_spec.rb
index acbc38cbc..3cf494afa 100755
--- a/spec/integration/ssl/certificate_authority_spec.rb
+++ b/spec/integration/ssl/certificate_authority_spec.rb
@@ -99,6 +99,32 @@ describe Puppet::SSL::CertificateAuthority, :unless => Puppet.features.microsoft
end
end
+ describe "when revoking certificate" do
+ it "should work for one certificate" do
+ certificate_request_for("luke.madstop.com")
+
+ ca.sign("luke.madstop.com")
+ ca.revoke("luke.madstop.com")
+
+ expect { ca.verify("luke.madstop.com") }.to raise_error(
+ Puppet::SSL::CertificateAuthority::CertificateVerificationError,
+ "certificate revoked"
+ )
+ end
+
+ it "should work for several certificates" do
+ 3.times.each do |c|
+ certificate_request_for("luke.madstop.com")
+ ca.sign("luke.madstop.com")
+ ca.destroy("luke.madstop.com")
+ end
+ ca.revoke("luke.madstop.com")
+
+ ca.crl.content.revoked.map { |r| r.serial }.should == [2,3,4] # ca has serial 1
+ end
+
+ end
+
it "allows autosigning certificates concurrently", :unless => Puppet::Util::Platform.windows? do
Puppet[:autosign] = true
hosts = (0..4).collect { |i| certificate_request_for("host#{i}") }
diff --git a/spec/integration/ssl/certificate_request_spec.rb b/spec/integration/ssl/certificate_request_spec.rb
index 4a035d532..eeb29da79 100755
--- a/spec/integration/ssl/certificate_request_spec.rb
+++ b/spec/integration/ssl/certificate_request_spec.rb
@@ -10,8 +10,6 @@ describe Puppet::SSL::CertificateRequest do
# Get a safe temporary file
dir = tmpdir("csr_integration_testing")
- Puppet.settings.clear
-
Puppet.settings[:confdir] = dir
Puppet.settings[:vardir] = dir
Puppet.settings[:group] = Process.gid
@@ -26,10 +24,6 @@ describe Puppet::SSL::CertificateRequest do
Puppet::SSL::CertificateRequest.indirection.termini.clear
end
- after do
- Puppet.settings.clear
- end
-
it "should be able to generate CSRs" do
@csr.generate(@key)
end
diff --git a/spec/integration/ssl/certificate_revocation_list_spec.rb b/spec/integration/ssl/certificate_revocation_list_spec.rb
index 06a69a741..ec344926b 100755
--- a/spec/integration/ssl/certificate_revocation_list_spec.rb
+++ b/spec/integration/ssl/certificate_revocation_list_spec.rb
@@ -20,8 +20,6 @@ describe Puppet::SSL::CertificateRevocationList do
after {
Puppet::SSL::Host.ca_location = :none
- Puppet.settings.clear
-
# This is necessary so the terminus instances don't lie around.
Puppet::SSL::Host.indirection.termini.clear
}
diff --git a/spec/integration/ssl/host_spec.rb b/spec/integration/ssl/host_spec.rb
index fbb108db7..18f0d17fc 100755
--- a/spec/integration/ssl/host_spec.rb
+++ b/spec/integration/ssl/host_spec.rb
@@ -22,8 +22,6 @@ describe Puppet::SSL::Host do
after {
Puppet::SSL::Host.ca_location = :none
-
- Puppet.settings.clear
}
it "should be considered a CA host if its name is equal to 'ca'" do
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-08 15:58:44 +0000