From 393d46feb9890a87c5764f40b61c51d03fe0a4fe Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Feb 2016 11:10:25 -0800 Subject: check server cert expiry in tests, closes #7910 --- tests/white-box/network.rb | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'tests') diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb index 382f857b..2436230b 100644 --- a/tests/white-box/network.rb +++ b/tests/white-box/network.rb @@ -1,4 +1,5 @@ require 'socket' +require 'openssl' raise SkipTest if $node["dummy"] @@ -69,4 +70,21 @@ class Network < LeapTest pass end + THIRTY_DAYS = 60*60*24*30 + + def test_04_Are_server_certificates_valid? + cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"] + cert_paths.each do |cert_path| + if File.exists?(cert_path) + cert = OpenSSL::X509::Certificate.new(File.read(cert_path)) + if cert.not_after > Time.now + fail "The certificate #{cert_path} expired on #{cert.not_after}" + elsif cert.not_after > Time.now + THIRTY_DAYS + fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}" + end + end + end + pass + end + end -- cgit v1.2.3