Skip to content

Commit f837ae6

Browse files
cpucomplexspaces
cpu
authored and
complexspaces
committed
tests: update agilebits_com_valid cert/chain
The existing `agilebits.com` end-entity cert expired on Nov 15 2023. This commit replaces it with an updated copy fetched from agilebits.com that expires Oct 16 2024. Additionally, the chain of intermediates no longer matches the ones used by `1password.com`, so we add the required intermediates and remove the "SHARED_CHAIN" bits from the realworld verification tests.
1 parent b83fe22 commit f837ae6

File tree

5 files changed

+8
-16
lines changed

5 files changed

+8
-16
lines changed

src/tests/verification_real_world/agilebits_com_valid_1.crt

1 Byte
Binary file not shown.

src/tests/verification_real_world/agilebits_com_valid_2.crt

1.1 KB
Binary file not shown.

src/tests/verification_real_world/agilebits_com_valid_3.crt

1.15 KB
Binary file not shown.

src/tests/verification_real_world/agilebits_com_valid_4.crt

1.12 KB
Binary file not shown.

src/tests/verification_real_world/mod.rs

Lines changed: 8 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -46,14 +46,6 @@ use crate::tests::assert_cert_error_eq;
4646
use rustls::{CertificateError, Error as TlsError};
4747
use std::convert::TryFrom;
4848

49-
const SHARED_CHAIN: &[&[u8]] = &[
50-
include_bytes!("1password_com_valid_2.crt"),
51-
include_bytes!("1password_com_valid_3.crt"),
52-
// XXX: This certificate is included for testing in environments that might need
53-
// a cross-signed root certificate instead of the just the server-provided one.
54-
include_bytes!("1password_com_valid_4.crt"),
55-
];
56-
5749
// This is the certificate chain presented by one server for
5850
// my.1password.com when this test was updated 2022-09-22. It is
5951
// valid for *.1password.com and 1password.com from
@@ -67,22 +59,22 @@ const SHARED_CHAIN: &[&[u8]] = &[
6759
// You can update the cert file with `update_valid_1_cert.bash`
6860
const VALID_1PASSWORD_COM_CHAIN: &[&[u8]] = &[
6961
include_bytes!("1password_com_valid_1.crt"),
70-
SHARED_CHAIN[0],
71-
SHARED_CHAIN[1],
72-
SHARED_CHAIN[2],
62+
include_bytes!("1password_com_valid_2.crt"),
63+
include_bytes!("1password_com_valid_3.crt"),
64+
// XXX: This certificate is included for testing in environments that might need
65+
// a cross-signed root certificate instead of the just the server-provided one.
66+
include_bytes!("1password_com_valid_4.crt"),
7367
];
7468

7569
const MY_1PASSWORD_COM: &str = "my.1password.com";
7670

7771
// A domain name for which `VALID_1PASSWORD_COM_CHAIN` isn't valid.
7872
const VALID_UNRELATED_DOMAIN: &str = "agilebits.com";
79-
// The chain is the same as `VALID_1PASSWORD_COM_CHAIN` except the
80-
// end-entity certificate is different.
8173
const VALID_UNRELATED_CHAIN: &[&[u8]] = &[
8274
include_bytes!("agilebits_com_valid_1.crt"),
83-
SHARED_CHAIN[0],
84-
SHARED_CHAIN[1],
85-
SHARED_CHAIN[2],
75+
include_bytes!("agilebits_com_valid_2.crt"),
76+
include_bytes!("agilebits_com_valid_3.crt"),
77+
include_bytes!("agilebits_com_valid_4.crt"),
8678
];
8779

8880
macro_rules! real_world_test_cases {

0 commit comments

Comments
 (0)