diff options
| author | elijah <elijah@riseup.net> | 2016-02-24 11:10:25 -0800 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2016-02-24 11:10:25 -0800 |
| commit | 393d46feb9890a87c5764f40b61c51d03fe0a4fe (patch) | |
| tree | cb64beb4cd4a1e6cef96c1f9bdad5c8cfaf0a62b | |
| parent | e1d0289eb3b5e386b4db39fdc9d2d7c3b4fbf17e (diff) | |
check server cert expiry in tests, closes #7910
| -rw-r--r-- | tests/white-box/network.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb index 382f857b..2436230b 100644 --- a/tests/white-box/network.rb +++ b/tests/white-box/network.rb @@ -1,4 +1,5 @@ require 'socket' +require 'openssl' raise SkipTest if $node["dummy"] @@ -69,4 +70,21 @@ class Network < LeapTest pass end + THIRTY_DAYS = 60*60*24*30 + + def test_04_Are_server_certificates_valid? + cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"] + cert_paths.each do |cert_path| + if File.exists?(cert_path) + cert = OpenSSL::X509::Certificate.new(File.read(cert_path)) + if cert.not_after > Time.now + fail "The certificate #{cert_path} expired on #{cert.not_after}" + elsif cert.not_after > Time.now + THIRTY_DAYS + fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}" + end + end + end + pass + end + end |