diff options
author | Kyle McCullough <kylemcc@gmail.com> | 2022-12-05 23:12:26 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-06 00:12:26 -0700 |
commit | bfaf2a8201b83d7369772cb6f2439abe66d9342a (patch) | |
tree | 6be62eee5163d018dcf2214c77195abeda280ea9 /caddytest/integration/pki_test.go | |
parent | fef9cb3e05ea071cdfd9ed1a6be5c8dcabf6603e (diff) |
acme_server: Configurable default lifetime for issued certificates (#5232)
* acme_server: add certificate lifetime configuration option
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
* pki: allow intermediate cert lifetime to be configured
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Diffstat (limited to 'caddytest/integration/pki_test.go')
-rw-r--r-- | caddytest/integration/pki_test.go | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/caddytest/integration/pki_test.go b/caddytest/integration/pki_test.go new file mode 100644 index 0000000..5e9928c --- /dev/null +++ b/caddytest/integration/pki_test.go @@ -0,0 +1,101 @@ +package integration + +import ( + "testing" + + "github.com/caddyserver/caddy/v2/caddytest" +) + +func TestLeafCertLifetimeLessThanIntermediate(t *testing.T) { + caddytest.AssertLoadError(t, ` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "internal", + "handler": "acme_server", + "lifetime": 604800000000000 + } + ] + } + ] + } + ] + } + ] + } + } + }, + "pki": { + "certificate_authorities": { + "internal": { + "install_trust": false, + "intermediate_lifetime": 604800000000000, + "name": "Internal CA" + } + } + } + } + } + `, "json", "certificate lifetime (168h0m0s) should be less than intermediate certificate lifetime (168h0m0s)") +} + +func TestIntermediateLifetimeLessThanRoot(t *testing.T) { + caddytest.AssertLoadError(t, ` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "internal", + "handler": "acme_server", + "lifetime": 2592000000000000 + } + ] + } + ] + } + ] + } + ] + } + } + }, + "pki": { + "certificate_authorities": { + "internal": { + "install_trust": false, + "intermediate_lifetime": 311040000000000000, + "name": "Internal CA" + } + } + } + } + } + `, "json", "intermediate certificate lifetime must be less than root certificate lifetime (86400h0m0s)") +} |