2017-07-06 17:28:13 +03:00
package integration
2016-12-12 20:30:31 +03:00
import (
"crypto/tls"
2018-05-16 12:44:03 +03:00
"crypto/x509"
2017-06-27 15:42:12 +03:00
"fmt"
2021-11-25 13:10:06 +03:00
"net"
2016-12-12 20:30:31 +03:00
"net/http"
2017-09-13 11:34:04 +03:00
"os"
2018-07-03 13:44:04 +03:00
"path/filepath"
2024-01-09 19:00:07 +03:00
"testing"
2016-12-12 20:30:31 +03:00
"time"
2018-07-03 13:44:04 +03:00
"github.com/miekg/dns"
2024-01-10 12:47:44 +03:00
"github.com/rs/zerolog/log"
2024-01-09 19:00:07 +03:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
2023-02-03 17:24:05 +03:00
"github.com/traefik/traefik/v3/integration/try"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/provider/acme"
"github.com/traefik/traefik/v3/pkg/testhelpers"
"github.com/traefik/traefik/v3/pkg/types"
2016-12-12 20:30:31 +03:00
)
2021-11-25 13:10:06 +03:00
// ACME test suites.
2016-12-12 20:30:31 +03:00
type AcmeSuite struct {
BaseSuite
2018-07-03 13:44:04 +03:00
pebbleIP string
fakeDNSServer * dns . Server
2016-12-12 20:30:31 +03:00
}
2024-01-09 19:00:07 +03:00
func TestAcmeSuite ( t * testing . T ) {
suite . Run ( t , new ( AcmeSuite ) )
}
2019-07-19 12:52:04 +03:00
type subCases struct {
host string
expectedCommonName string
expectedAlgorithm x509 . PublicKeyAlgorithm
}
2018-07-03 13:44:04 +03:00
type acmeTestCase struct {
template templateModel
2017-06-19 14:22:41 +03:00
traefikConfFilePath string
2019-07-19 12:52:04 +03:00
subCases [ ] subCases
2016-12-12 20:30:31 +03:00
}
2018-07-03 13:44:04 +03:00
type templateModel struct {
2022-09-13 21:34:08 +03:00
Domain types . Domain
2019-07-19 12:52:04 +03:00
Domains [ ] types . Domain
2018-07-03 13:44:04 +03:00
PortHTTP string
PortHTTPS string
2019-07-19 12:52:04 +03:00
Acme map [ string ] static . CertificateResolver
2018-07-03 13:44:04 +03:00
}
2017-06-27 15:42:12 +03:00
const (
// Domain to check
acmeDomain = "traefik.acme.wtf"
2017-06-19 14:22:41 +03:00
2017-06-27 15:42:12 +03:00
// Wildcard domain to check
wildcardDomain = "*.acme.wtf"
)
2017-06-19 14:22:41 +03:00
2018-06-27 16:08:05 +03:00
func ( s * AcmeSuite ) getAcmeURL ( ) string {
2021-11-25 13:10:06 +03:00
return fmt . Sprintf ( "https://%s/dir" ,
net . JoinHostPort ( s . pebbleIP , "14000" ) )
2018-07-03 13:44:04 +03:00
}
func setupPebbleRootCA ( ) ( * http . Transport , error ) {
path , err := filepath . Abs ( "fixtures/acme/ssl/pebble.minica.pem" )
if err != nil {
return nil , err
}
os . Setenv ( "LEGO_CA_CERTIFICATES" , path )
os . Setenv ( "LEGO_CA_SERVER_NAME" , "pebble" )
2021-03-04 22:08:03 +03:00
customCAs , err := os . ReadFile ( path )
2018-07-03 13:44:04 +03:00
if err != nil {
return nil , err
}
certPool := x509 . NewCertPool ( )
if ok := certPool . AppendCertsFromPEM ( customCAs ) ; ! ok {
2020-05-11 13:06:07 +03:00
return nil , fmt . Errorf ( "error creating x509 cert pool from %q: %w" , path , err )
2018-07-03 13:44:04 +03:00
}
return & http . Transport {
TLSClientConfig : & tls . Config {
ServerName : "pebble" ,
RootCAs : certPool ,
} ,
} , nil
2018-06-27 16:08:05 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) SetupSuite ( ) {
s . BaseSuite . SetupSuite ( )
2016-12-12 20:30:31 +03:00
2024-01-09 19:00:07 +03:00
s . createComposeProject ( "pebble" )
s . composeUp ( )
// Retrieving the Docker host ip.
s . fakeDNSServer = startFakeDNSServer ( s . hostIP )
s . pebbleIP = s . getComposeServiceIP ( "pebble" )
2018-07-03 13:44:04 +03:00
pebbleTransport , err := setupPebbleRootCA ( )
2024-01-09 19:00:07 +03:00
require . NoError ( s . T ( ) , err )
2018-07-03 13:44:04 +03:00
2018-08-01 17:56:04 +03:00
// wait for pebble
2018-07-03 13:44:04 +03:00
req := testhelpers . MustNewRequest ( http . MethodGet , s . getAcmeURL ( ) , nil )
client := & http . Client {
Transport : pebbleTransport ,
}
2016-12-12 20:30:31 +03:00
2018-07-03 13:44:04 +03:00
err = try . Do ( 5 * time . Second , func ( ) error {
resp , errGet := client . Do ( req )
if errGet != nil {
return errGet
}
return try . StatusCodeIs ( http . StatusOK ) ( resp )
} )
2024-01-09 19:00:07 +03:00
require . NoError ( s . T ( ) , err )
2016-12-12 20:30:31 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TearDownSuite ( ) {
s . BaseSuite . TearDownSuite ( )
2021-11-25 13:10:06 +03:00
if s . fakeDNSServer != nil {
err := s . fakeDNSServer . Shutdown ( )
if err != nil {
2024-01-10 12:47:44 +03:00
log . Info ( ) . Msg ( err . Error ( ) )
2021-11-25 13:10:06 +03:00
}
2018-07-03 13:44:04 +03:00
}
2024-01-09 19:00:07 +03:00
s . composeDown ( )
2016-12-12 20:30:31 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01Domains ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2019-07-19 12:52:04 +03:00
traefikConfFilePath : "fixtures/acme/acme_domains.toml" ,
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Domains : [ ] types . Domain { {
Main : "traefik.acme.wtf" ,
} } ,
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
2018-07-03 13:44:04 +03:00
} } ,
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2017-06-27 15:42:12 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2017-06-19 14:22:41 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01StoreDomains ( ) {
2022-09-13 21:34:08 +03:00
testCase := acmeTestCase {
traefikConfFilePath : "fixtures/acme/acme_store_domains.toml" ,
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
template : templateModel {
Domain : types . Domain {
Main : "traefik.acme.wtf" ,
} ,
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
} } ,
} ,
} ,
}
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2022-09-13 21:34:08 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01DomainsInSAN ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2019-07-19 12:52:04 +03:00
traefikConfFilePath : "fixtures/acme/acme_domains.toml" ,
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : "acme.wtf" ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Domains : [ ] types . Domain { {
Main : "acme.wtf" ,
SANs : [ ] string { "traefik.acme.wtf" } ,
} } ,
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
2018-07-03 13:44:04 +03:00
} } ,
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2018-03-05 22:54:04 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-03-05 22:54:04 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01OnHostRule ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2018-07-12 20:10:03 +03:00
traefikConfFilePath : "fixtures/acme/acme_base.toml" ,
2019-07-19 12:52:04 +03:00
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
} } ,
} ,
} ,
}
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2019-07-19 12:52:04 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestMultipleResolver ( ) {
2019-07-19 12:52:04 +03:00
testCase := acmeTestCase {
traefikConfFilePath : "fixtures/acme/acme_multiple_resolvers.toml" ,
subCases : [ ] subCases {
{
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} ,
{
host : "tchouk.acme.wtf" ,
expectedCommonName : "tchouk.acme.wtf" ,
expectedAlgorithm : x509 . ECDSA ,
} ,
} ,
template : templateModel {
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
} } ,
"tchouk" : { ACME : & acme . Configuration {
TLSChallenge : & acme . TLSChallenge { } ,
KeyType : "EC256" ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2018-05-16 12:44:03 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-05-16 12:44:03 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01OnHostRuleECDSA ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2018-07-12 20:10:03 +03:00
traefikConfFilePath : "fixtures/acme/acme_base.toml" ,
2019-07-19 12:52:04 +03:00
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . ECDSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
KeyType : "EC384" ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2018-05-16 12:44:03 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-05-16 12:44:03 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01OnHostRuleInvalidAlgo ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2018-07-12 20:10:03 +03:00
traefikConfFilePath : "fixtures/acme/acme_base.toml" ,
2019-07-19 12:52:04 +03:00
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
KeyType : "INVALID" ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2017-06-27 15:42:12 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2017-06-19 14:22:41 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01OnHostRuleDefaultDynamicCertificatesWithWildcard ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
traefikConfFilePath : "fixtures/acme/acme_tls.toml" ,
2019-07-19 12:52:04 +03:00
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : wildcardDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2018-01-15 18:04:05 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-01-15 18:04:05 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestHTTP01OnHostRuleDynamicCertificatesWithWildcard ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
traefikConfFilePath : "fixtures/acme/acme_tls_dynamic.toml" ,
2019-07-19 12:52:04 +03:00
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : wildcardDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2018-01-15 18:04:05 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-01-15 18:04:05 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestTLSALPN01OnHostRuleTCP ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2019-07-19 12:52:04 +03:00
traefikConfFilePath : "fixtures/acme/acme_tcp.toml" ,
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
TLSChallenge : & acme . TLSChallenge { } ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2017-11-09 14:16:03 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2017-11-09 14:16:03 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestTLSALPN01OnHostRule ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2018-07-12 20:10:03 +03:00
traefikConfFilePath : "fixtures/acme/acme_base.toml" ,
2019-07-19 12:52:04 +03:00
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
TLSChallenge : & acme . TLSChallenge { } ,
2018-07-03 13:44:04 +03:00
} } ,
} ,
} ,
}
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-07-03 13:44:04 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestTLSALPN01Domains ( ) {
2018-07-03 13:44:04 +03:00
testCase := acmeTestCase {
2019-07-19 12:52:04 +03:00
traefikConfFilePath : "fixtures/acme/acme_domains.toml" ,
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : acmeDomain ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-03 13:44:04 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Domains : [ ] types . Domain { {
Main : "traefik.acme.wtf" ,
} } ,
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
TLSChallenge : & acme . TLSChallenge { } ,
2018-07-03 13:44:04 +03:00
} } ,
} ,
2018-06-27 16:08:05 +03:00
} ,
}
2017-11-09 14:16:03 +03:00
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2017-06-19 14:22:41 +03:00
}
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestTLSALPN01DomainsInSAN ( ) {
2018-07-12 20:10:03 +03:00
testCase := acmeTestCase {
2019-07-19 12:52:04 +03:00
traefikConfFilePath : "fixtures/acme/acme_domains.toml" ,
subCases : [ ] subCases { {
host : acmeDomain ,
expectedCommonName : "acme.wtf" ,
expectedAlgorithm : x509 . RSA ,
} } ,
2018-07-12 20:10:03 +03:00
template : templateModel {
2019-07-19 12:52:04 +03:00
Domains : [ ] types . Domain { {
Main : "acme.wtf" ,
SANs : [ ] string { "traefik.acme.wtf" } ,
} } ,
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
TLSChallenge : & acme . TLSChallenge { } ,
2018-07-12 20:10:03 +03:00
} } ,
} ,
} ,
}
2024-01-09 19:00:07 +03:00
s . retrieveAcmeCertificate ( testCase )
2018-07-12 20:10:03 +03:00
}
2020-05-11 13:06:07 +03:00
// Test Let's encrypt down.
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) TestNoValidLetsEncryptServer ( ) {
file := s . adaptFile ( "fixtures/acme/acme_base.toml" , templateModel {
2019-07-19 12:52:04 +03:00
Acme : map [ string ] static . CertificateResolver {
"default" : { ACME : & acme . Configuration {
CAServer : "http://wrongurl:4001/directory" ,
HTTPChallenge : & acme . HTTPChallenge { EntryPoint : "web" } ,
} } ,
2018-07-03 13:44:04 +03:00
} ,
2018-06-27 16:08:05 +03:00
} )
2024-01-09 19:00:07 +03:00
s . traefikCmd ( withConfigFile ( file ) )
2018-02-05 20:20:04 +03:00
// Expected traefik works
2024-01-09 19:00:07 +03:00
err := try . GetRequest ( "http://127.0.0.1:8080/api/rawdata" , 10 * time . Second , try . StatusCodeIs ( http . StatusOK ) )
require . NoError ( s . T ( ) , err )
2018-02-05 20:20:04 +03:00
}
2017-06-19 14:22:41 +03:00
2020-05-11 13:06:07 +03:00
// Doing an HTTPS request and test the response certificate.
2024-01-09 19:00:07 +03:00
func ( s * AcmeSuite ) retrieveAcmeCertificate ( testCase acmeTestCase ) {
2018-07-03 13:44:04 +03:00
if len ( testCase . template . PortHTTP ) == 0 {
testCase . template . PortHTTP = ":5002"
}
if len ( testCase . template . PortHTTPS ) == 0 {
testCase . template . PortHTTPS = ":5001"
}
2019-07-19 12:52:04 +03:00
for _ , value := range testCase . template . Acme {
if len ( value . ACME . CAServer ) == 0 {
value . ACME . CAServer = s . getAcmeURL ( )
}
2018-07-03 13:44:04 +03:00
}
2024-01-09 19:00:07 +03:00
file := s . adaptFile ( testCase . traefikConfFilePath , testCase . template )
s . traefikCmd ( withConfigFile ( file ) )
2017-06-27 15:42:12 +03:00
2018-04-10 11:52:04 +03:00
// A real file is needed to have the right mode on acme.json file
defer os . Remove ( "/tmp/acme.json" )
2016-12-12 20:30:31 +03:00
2020-07-17 16:38:04 +03:00
backend := startTestServer ( "9010" , http . StatusOK , "" )
2016-12-12 20:30:31 +03:00
defer backend . Close ( )
2022-02-07 13:58:04 +03:00
client := & http . Client {
Transport : & http . Transport {
TLSClientConfig : & tls . Config { InsecureSkipVerify : true } ,
} ,
}
2016-12-12 20:30:31 +03:00
2022-02-07 13:58:04 +03:00
// wait for traefik (generating acme account take some seconds)
2024-01-09 19:00:07 +03:00
err := try . Do ( 60 * time . Second , func ( ) error {
2022-02-07 13:58:04 +03:00
_ , errGet := client . Get ( "https://127.0.0.1:5001" )
return errGet
} )
2024-01-09 19:00:07 +03:00
require . NoError ( s . T ( ) , err )
2019-07-19 12:52:04 +03:00
2022-02-07 13:58:04 +03:00
for _ , sub := range testCase . subCases {
2019-07-19 12:52:04 +03:00
client = & http . Client {
Transport : & http . Transport {
TLSClientConfig : & tls . Config {
InsecureSkipVerify : true ,
ServerName : sub . host ,
} ,
2022-02-07 13:58:04 +03:00
// Needed so that each subcase redoes the SSL handshake
DisableKeepAlives : true ,
2018-06-27 16:08:05 +03:00
} ,
2019-07-19 12:52:04 +03:00
}
2017-06-27 15:42:12 +03:00
2019-07-19 12:52:04 +03:00
req := testhelpers . MustNewRequest ( http . MethodGet , "https://127.0.0.1:5001/" , nil )
req . Host = sub . host
req . Header . Set ( "Host" , sub . host )
req . Header . Set ( "Accept" , "*/*" )
2017-06-19 14:22:41 +03:00
2019-07-19 12:52:04 +03:00
var resp * http . Response
2017-06-27 15:42:12 +03:00
2019-07-19 12:52:04 +03:00
// Retry to send a Request which uses the LE generated certificate
2024-01-09 19:00:07 +03:00
err := try . Do ( 60 * time . Second , func ( ) error {
2019-07-19 12:52:04 +03:00
resp , err = client . Do ( req )
if err != nil {
return err
}
2017-06-27 15:42:12 +03:00
2019-07-19 12:52:04 +03:00
cn := resp . TLS . PeerCertificates [ 0 ] . Subject . CommonName
if cn != sub . expectedCommonName {
return fmt . Errorf ( "domain %s found instead of %s" , cn , sub . expectedCommonName )
}
2017-06-27 15:42:12 +03:00
2019-07-19 12:52:04 +03:00
return nil
} )
2017-06-27 15:42:12 +03:00
2024-01-09 19:00:07 +03:00
require . NoError ( s . T ( ) , err )
assert . Equal ( s . T ( ) , http . StatusOK , resp . StatusCode )
2019-07-19 12:52:04 +03:00
// Check Domain into response certificate
2024-01-09 19:00:07 +03:00
assert . Equal ( s . T ( ) , sub . expectedCommonName , resp . TLS . PeerCertificates [ 0 ] . Subject . CommonName )
assert . Equal ( s . T ( ) , sub . expectedAlgorithm , resp . TLS . PeerCertificates [ 0 ] . PublicKeyAlgorithm )
2019-07-19 12:52:04 +03:00
}
2016-12-12 20:30:31 +03:00
}