summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-02-24 11:10:25 -0800
committerelijah <elijah@riseup.net>2016-02-24 11:10:25 -0800
commit393d46feb9890a87c5764f40b61c51d03fe0a4fe (patch)
treecb64beb4cd4a1e6cef96c1f9bdad5c8cfaf0a62b
parente1d0289eb3b5e386b4db39fdc9d2d7c3b4fbf17e (diff)
check server cert expiry in tests, closes #7910
-rw-r--r--tests/white-box/network.rb18
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index 382f857b..2436230b 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -1,4 +1,5 @@
require 'socket'
+require 'openssl'
raise SkipTest if $node["dummy"]
@@ -69,4 +70,21 @@ class Network < LeapTest
pass
end
+ THIRTY_DAYS = 60*60*24*30
+
+ def test_04_Are_server_certificates_valid?
+ cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"]
+ cert_paths.each do |cert_path|
+ if File.exists?(cert_path)
+ cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+ if cert.not_after > Time.now
+ fail "The certificate #{cert_path} expired on #{cert.not_after}"
+ elsif cert.not_after > Time.now + THIRTY_DAYS
+ fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}"
+ end
+ end
+ end
+ pass
+ end
+
end