ACME: support for TLS-ALPN-01 (#42158)

* Added support for TLS-ALPN-01 verification. * Unrelated commit to re-trigger tests. * Added test for TLS-ALPN-01. * Try to remove to_bytes in the hope that binary data survives in Python 2. * Using Base64 encoding for TLS-ALPN-01 value.
2026-05-06 13:22:48 +00:00 · 2018-08-07 08:52:22 +02:00
parent a24898b715
commit 7b7709ae75
4 changed files with 59 additions and 8 deletions
--- a/test/integration/targets/acme_certificate/tasks/main.yml
+++ b/test/integration/targets/acme_certificate/tasks/main.yml
@@ -174,6 +174,23 @@
      account_email: ""
  - set_fact:
      cert_5_recreate_3: "{{ challenge_data is changed }}"
+  - name: Obtain cert 6
+    include_tasks: obtain-cert.yml
+    vars:
+      certgen_title: Certificate 6
+      certificate_name: cert-6
+      key_type: rsa
+      rsa_bits: 2048
+      subject_alt_name: "DNS:example.org"
+      subject_alt_name_critical: no
+      account_key: account-ec256
+      challenge: tls-alpn-01
+      modify_account: yes
+      deactivate_authzs: no
+      force: no
+      remaining_days: 10
+      terms_agreed: yes
+      account_email: "example@example.org"
  ## DISSECT CERTIFICATES #######################################################################
  # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
  - name: Verifying cert 1
@@ -196,6 +213,10 @@
    command: openssl verify -CAfile "{{ output_dir }}/cert-5-chain.pem" "{{ output_dir }}/cert-5.pem"
    ignore_errors: yes
    register: cert_5_valid
+  - name: Verifying cert 6
+    command: openssl verify -CAfile "{{ output_dir }}/cert-6-chain.pem" "{{ output_dir }}/cert-6.pem"
+    ignore_errors: yes
+    register: cert_6_valid
  # Dump certificate info
  - name: Dumping cert 1
    command: openssl x509 -in "{{ output_dir }}/cert-1.pem" -noout -text
@@ -212,6 +233,9 @@
  - name: Dumping cert 5
    command: openssl x509 -in "{{ output_dir }}/cert-5.pem" -noout -text
    register: cert_5_text
+  - name: Dumping cert 6
+    command: openssl x509 -in "{{ output_dir }}/cert-6.pem" -noout -text
+    register: cert_6_text

  - import_tasks: ../tests/validate.yml

--- a/test/integration/targets/acme_certificate/tests/validate.yml
+++ b/test/integration/targets/acme_certificate/tests/validate.yml
@@ -62,3 +62,12 @@
  assert:
    that:
      - cert_5_recreate_3 == True
+
+- name: Check that certificate 6 is valid
+  assert:
+    that:
+      - cert_6_valid is not failed
+- name: Check that certificate 6 contains correct SANs
+  assert:
+    that:
+      - "'DNS:example.org' in cert_6_text.stdout"
--- a/test/integration/targets/setup_acme/tasks/obtain-cert.yml
+++ b/test/integration/targets/setup_acme/tasks/obtain-cert.yml
@@ -88,7 +88,7 @@
    url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}"
    method: PUT
    body_format: raw
-    body: "{{ item.value['tls-alpn-01'].resource_value | b64encode }}"
+    body: "{{ item.value['tls-alpn-01'].resource_value }}"
    headers:
      content-type: "application/octet-stream"
  with_dict: "{{ challenge_data.challenge_data }}"