This repository has been archived by the owner on Feb 4, 2021. It is now read-only.
forked from hyperium/tonic
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use
rustls for interop tests (hyperium#125)
* Use rustls for interop tests This commit changes the interop tests to use rustls instead of openssl. Apparently in the past there was some issue with this, but it seems to work OK to me. * Use certificates with larger key sizes for interop This commit switches out the certificates used for testing interop to be based on 4096-bit RSA keys, allowing rustls to be used for the interop testing instead of OpenSSL. The keys are generated using Terraform, although the state file is not committed. A README.md is added to the data directory that explains how to use Terraform to rotate the test certificates if this is ever desirable. This is desirable in order that none of the crates which `cargo build --all` will build have the `openssl` feature, which should allow Tonic to build on Windows with no issues.
- Loading branch information
1 parent
44fc78e
commit 8b0e605
Showing
10 changed files
with
153 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Tonic Testing Certificates | ||
|
|
||
| This directory contains certificates used for testing interop between Tonic's | ||
| implementation of gRPC and the Go implementation. Certificates are generated | ||
| using [`terraform`][tf]. | ||
|
|
||
| To regenerate certificates for some reason, do the following: | ||
|
|
||
| 1. Install Terraform 0.12 (or higher) | ||
| 1. From the `cert-generator` directory, run: | ||
| 1. `terraform init` | ||
| 1. `terraform apply` | ||
|
|
||
| This will generate certificates and write them to the filesystem. The effective | ||
| version should be committed to git. | ||
|
|
||
| [tf]: https://terraform.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,20 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICSjCCAbOgAwIBAgIJAJHGGR4dGioHMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV | ||
| BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX | ||
| aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RjYTAeFw0xNDExMTEyMjMxMjla | ||
| Fw0yNDExMDgyMjMxMjlaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 | ||
| YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT | ||
| BnRlc3RjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwEDfBV5MYdlHVHJ7 | ||
| +L4nxrZy7mBfAVXpOc5vMYztssUI7mL2/iYujiIXM+weZYNTEpLdjyJdu7R5gGUu | ||
| g1jSVK/EPHfc74O7AyZU34PNIP4Sh33N+/A5YexrNgJlPY+E3GdVYi4ldWJjgkAd | ||
| Qah2PH5ACLrIIC6tRka9hcaBlIECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNV | ||
| HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADgYEAHzC7jdYlzAVmddi/gdAeKPau | ||
| sPBG/C2HCWqHzpCUHcKuvMzDVkY/MP2o6JIW2DBbY64bO/FceExhjcykgaYtCH/m | ||
| oIU63+CFOTtR7otyQAWHqXa7q4SbCDlG7DyRFxqG0txPtGvy12lgldA2+RgcigQG | ||
| Dfcog5wrJytaQ6UA0wE= | ||
| MIIDRzCCAi+gAwIBAgIRAO7dzPqhReVW2U6D1V1DTYAwDQYJKoZIhvcNAQELBQAw | ||
| PTEOMAwGA1UEChMFVG9raW8xEDAOBgNVBAsTB1Rlc3RpbmcxGTAXBgNVBAMTEFRv | ||
| bmljIFRlc3RpbmcgQ0EwHhcNMTkxMTA5MTY0NzU0WhcNMjkxMTA2MTY0NzU0WjA9 | ||
| MQ4wDAYDVQQKEwVUb2tpbzEQMA4GA1UECxMHVGVzdGluZzEZMBcGA1UEAxMQVG9u | ||
| aWMgVGVzdGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+A | ||
| e+Y3wDdOm7yUi6xHINw1QE0k1D51U+DAMOLcUq17FYh3fp+OOaqq4znnEx8WkKVl | ||
| FuoW4xzIrv2ywn0hFADCxaVpjMuCxj313D7LMZExa98TuFF3Jg2GYScBRQKjfyRv | ||
| CV+cSHAvzEstd5ckdiz985Zqnepiy7R9k2CstO45ULG4UoVha+VgmYJ5qXqBXbso | ||
| LbDXzrjjQFSmbw1yh9lQvzsk0UyU5Hvi0Otka4LZJsNaNFWkltl8v37QWG6sH8+f | ||
| Ur7fELIDmbScGSiqvEm0EZLZHqLU669NvUoFtTKNfKghT83DW9kErzdg5EcVFQom | ||
| Ov8cIW9MkBwDJXe6D88CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgIEMA8GA1UdEwEB | ||
| /wQFMAMBAf8wHQYDVR0OBBYEFE5N36NK1qLWGDxSJP3IF9H2oLO/MA0GCSqGSIb3 | ||
| DQEBCwUAA4IBAQAm27Wdq6+0IxvattJW0j7lnh9AC7aMQEbUQPYM8iO6WVhXshaN | ||
| d7YbLDGwRtATzLeA/0laovEL5pc/1NnMsqG4DspD3glXcASUiu5TrzPvBrAWByQn | ||
| 8C9tGUbyP1yJMo42Mzs0hIDsaUsucynZcdxAErjJjKB9Ps3KeaA6LUr/igN0649S | ||
| qQ6bHZdNEIhjyCY7TDJArjPTgdSYjx13XkVbZ1cN/ssZI7Ag8WByhVEHeoE13fqw | ||
| ue5oTNat0qNFP0Yo8XB0whPhN2wbCbHoc5khXJiBrMEjAAgJUiWRy3ITG88SIak+ | ||
| 1dtqgxS2T0nmdRlXBYNNhYKdgWYJq1PwDp9a | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| .terraform/ | ||
| *.tfstate | ||
| *.tfstate.backup |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| resource "tls_private_key" "root" { | ||
| algorithm = "RSA" | ||
| rsa_bits = "2048" | ||
| } | ||
|
|
||
| resource "tls_self_signed_cert" "root" { | ||
| key_algorithm = tls_private_key.root.algorithm | ||
| private_key_pem = tls_private_key.root.private_key_pem | ||
|
|
||
| validity_period_hours = 87600 | ||
| early_renewal_hours = 8760 | ||
|
|
||
| is_ca_certificate = true | ||
|
|
||
| allowed_uses = ["cert_signing"] | ||
|
|
||
| subject { | ||
| common_name = "Tonic Testing CA" | ||
| organization = "Tokio" | ||
| organizational_unit = "Testing" | ||
| } | ||
| } | ||
|
|
||
| resource "local_file" "ca_cert" { | ||
| filename = "../ca.pem" | ||
| content = tls_self_signed_cert.root.cert_pem | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| resource "tls_private_key" "server" { | ||
| algorithm = "RSA" | ||
| rsa_bits = "2048" | ||
| } | ||
|
|
||
| resource "tls_cert_request" "server" { | ||
| key_algorithm = tls_private_key.server.algorithm | ||
| private_key_pem = tls_private_key.server.private_key_pem | ||
|
|
||
| subject { | ||
| common_name = "Tonic Test Server Cert" | ||
| } | ||
|
|
||
| dns_names = [ | ||
| "*.test.google.fr", | ||
| ] | ||
| } | ||
|
|
||
| resource "tls_locally_signed_cert" "server" { | ||
| cert_request_pem = tls_cert_request.server.cert_request_pem | ||
|
|
||
| ca_key_algorithm = tls_private_key.root.algorithm | ||
| ca_private_key_pem = tls_private_key.root.private_key_pem | ||
| ca_cert_pem = tls_self_signed_cert.root.cert_pem | ||
|
|
||
| validity_period_hours = 43800 | ||
| early_renewal_hours = 8760 | ||
|
|
||
| allowed_uses = ["server_auth"] | ||
| } | ||
|
|
||
| resource "local_file" "server_cert" { | ||
| filename = "../server1.pem" | ||
| content = tls_locally_signed_cert.server.cert_pem | ||
| } | ||
|
|
||
| resource "local_file" "server_key" { | ||
| filename = "../server1.key" | ||
| content = tls_private_key.server.private_key_pem | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,27 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOHDFScoLCVJpYDD | ||
| M4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1BgzkWF+slf | ||
| 3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd9N8YwbBY | ||
| AckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAECgYAn7qGnM2vbjJNBm0VZCkOkTIWm | ||
| V10okw7EPJrdL2mkre9NasghNXbE1y5zDshx5Nt3KsazKOxTT8d0Jwh/3KbaN+YY | ||
| tTCbKGW0pXDRBhwUHRcuRzScjli8Rih5UOCiZkhefUTcRb6xIhZJuQy71tjaSy0p | ||
| dHZRmYyBYO2YEQ8xoQJBAPrJPhMBkzmEYFtyIEqAxQ/o/A6E+E4w8i+KM7nQCK7q | ||
| K4JXzyXVAjLfyBZWHGM2uro/fjqPggGD6QH1qXCkI4MCQQDmdKeb2TrKRh5BY1LR | ||
| 81aJGKcJ2XbcDu6wMZK4oqWbTX2KiYn9GB0woM6nSr/Y6iy1u145YzYxEV/iMwff | ||
| DJULAkB8B2MnyzOg0pNFJqBJuH29bKCcHa8gHJzqXhNO5lAlEbMK95p/P2Wi+4Hd | ||
| aiEIAF1BF326QJcvYKmwSmrORp85AkAlSNxRJ50OWrfMZnBgzVjDx3xG6KsFQVk2 | ||
| ol6VhqL6dFgKUORFUWBvnKSyhjJxurlPEahV6oo6+A+mPhFY8eUvAkAZQyTdupP3 | ||
| XEFQKctGz+9+gKkemDp7LBBMEMBXrGTLPhpEfcjv/7KPdnFHYmhYeBTBnuVmTVWe | ||
| F98XJ7tIFfJq | ||
| -----END PRIVATE KEY----- | ||
| -----BEGIN RSA PRIVATE KEY----- | ||
| MIIEpAIBAAKCAQEAvSo8ttodDg4wwjwSPURcTgVPh7Iv9E+PsCTHW7b1Dov/tjxs | ||
| nhgLZkySicSLIhHv+/17DYHaMd7alx5AYb+Bxk/KvSuR/sqg0QJcuQ4prpzccQHY | ||
| mqJTeMWFCOvAUSSOZXwOxKHFNoLCVQsZMMs1JmUwAoun9ocyuoXuNFa/2GmNO+cN | ||
| tBSa1ZnEyhuW9R8lFdp41e9OG1c6dgdh3Gq6NEqDaRN/FbaBAQJO6u8jDClcqeB5 | ||
| uPfXKEENk8ed71zRRJ7u4Pjn+qCgy9daz6hRuP7MGKnrXt1j5f73JnZF5bFuM+Bg | ||
| 6MqG6XVvrIVDdvod2qWpMTjCpINp45i0lkZpAQIDAQABAoIBAQCu50LD/uAmgtBq | ||
| h4iFxZNjQF3MpeDZEEdXImqCTqQ/EwsYwL3dX3YK3HoRj/zlP5iZckI4tvu8aMXM | ||
| PFhjCONBLb3TM1oGL+yJ1JlPMd0wajEY/A/+ymBLprXfDbwASsCu7QnqnXjvce+l | ||
| GmHsT7eRDLZbZC2lMFSjSfp5wkwYF8lBfg2tDswgBX2mT4lZ/nUIjpr1x1y34BQL | ||
| yPYHSsSnoTSC6dqWkpuiQyyTraeknCsE4lw03C2XWcpCFaNt6ZrzAmSeX7/MK+Xp | ||
| blQ4bQmeydCwfsXFBdE/lOWUIjc8mkBN0c9wbiBJwyAH09QzUVcXlgjH7IBwKSMc | ||
| mFpLvt3BAoGBAOGNHc1URPiSJaIc86nkWvmNiISxqHUVOrZPwOLJMciJz75XSmVs | ||
| QlydXIepunU5WZJJiIV2fL6FyZ7RnCGLCvFEymewobexAjL3ffN4oN5s2g2e8fs+ | ||
| vhu3xLxo3fmhcRLbxub0qOJUu//2lcBYRXHVu+lb4qvisnn4BDMxbAFNAoGBANaz | ||
| o5Zo6uL5WHcNjwKa4YtWA4/pzAzsXwNqPPUyWL9uvAP3YS7ikQvzLJXDUTCtopZ5 | ||
| xTvuShRPfvrIUkvK9XOok3PNeyPeBoRQ8W9sP6n/5gSULy7sHALJxZscMf7GD81+ | ||
| yfH+R+67vwW1etwP3LHuC1NirCcpvLZfWyfUcqyFAoGBAKeqzXKrqDHYAp3GQ+QR | ||
| WweUDN4HayDOTTzlgI+V3KokuAfYv/cxSQur9vLqWy91GH7EpvX/pK/EqKKlUxkk | ||
| UVgVORlnlnAE54uXq0toar2t0VK6y0tn0s6sB1W/5vMA7huEwRFC4qCNOMwIND4t | ||
| 4EHFDtFketYnyWEd25Fqtc0pAoGATpvJClnxnhbDMBuzv7VrXPOqLDfisNyeUQbF | ||
| uNStL7HgfudFGsBzcNeg/Fhd0p/QRp3g+/dcAiG1ESblEsEFq0oOarjSHCi/ZBSq | ||
| wSv2B00dL5H90IU8ID0173ucRnbH9Go2kDaUqbDt2K5AhG/+UtsgJHCdLV2XrYIu | ||
| QuAC+G0CgYBW2O4FjDLG16kivtEziCW+Z/iLeUM3r8lDzf8iz1Dg+72AnlmAFSzz | ||
| QaY2GxdatZHBCMeZ0eaMxxFyuT2IPKOiyIHQ6diJBX+CFNHxgPfCAQ8DTVi6aJtS | ||
| NiY/yUYTsQbh6Mey8QAC5wdoyuVUKQO2SwyNiHFWP+i9aFXr/rv98w== | ||
| -----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,20 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET | ||
| MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ | ||
| dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx | ||
| MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV | ||
| BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 | ||
| ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco | ||
| LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg | ||
| zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd | ||
| 9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw | ||
| CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy | ||
| em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G | ||
| CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 | ||
| hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh | ||
| y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 | ||
| MIIDSzCCAjOgAwIBAgIQQY5jNBnC4CbgToZB9CzLYzANBgkqhkiG9w0BAQsFADA9 | ||
| MQ4wDAYDVQQKEwVUb2tpbzEQMA4GA1UECxMHVGVzdGluZzEZMBcGA1UEAxMQVG9u | ||
| aWMgVGVzdGluZyBDQTAeFw0xOTExMDkxNjQ3NTRaFw0yNDExMDcxNjQ3NTRaMCEx | ||
| HzAdBgNVBAMTFlRvbmljIFRlc3QgU2VydmVyIENlcnQwggEiMA0GCSqGSIb3DQEB | ||
| AQUAA4IBDwAwggEKAoIBAQC9Kjy22h0ODjDCPBI9RFxOBU+Hsi/0T4+wJMdbtvUO | ||
| i/+2PGyeGAtmTJKJxIsiEe/7/XsNgdox3tqXHkBhv4HGT8q9K5H+yqDRAly5Dimu | ||
| nNxxAdiaolN4xYUI68BRJI5lfA7EocU2gsJVCxkwyzUmZTACi6f2hzK6he40Vr/Y | ||
| aY075w20FJrVmcTKG5b1HyUV2njV704bVzp2B2Hcaro0SoNpE38VtoEBAk7q7yMM | ||
| KVyp4Hm499coQQ2Tx53vXNFEnu7g+Of6oKDL11rPqFG4/swYqete3WPl/vcmdkXl | ||
| sW4z4GDoyobpdW+shUN2+h3apakxOMKkg2njmLSWRmkBAgMBAAGjYzBhMBMGA1Ud | ||
| JQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUTk3fo0rW | ||
| otYYPFIk/cgX0fags78wGwYDVR0RBBQwEoIQKi50ZXN0Lmdvb2dsZS5mcjANBgkq | ||
| hkiG9w0BAQsFAAOCAQEATypihaP3RfHar9DZGeKwPz25BQBhGJE2lEwlehUuNBkG | ||
| M1+yQw0p3Yj2n5tR87Qp+G5rDN51e2OCWbEMTo0iAiGdic4N4FXnmA7R9QDcBcKw | ||
| YmKIXd48F+Ceh5XYGFuR14dTshu2Zajwcw4OW3dhvEbv9h5pMCJXplhAPHvhTKTM | ||
| TTl0fjDkBcOdKWswdQCtt2xOqcQhpYdVYClYym22WYDcMDr7CqiC/y3jLl6eVpsA | ||
| hPDAVZqpZSpnV6isihoUyDeSVT830/E/n8e756l7gBNxpsYF+PqDBVPiAU7Gjp99 | ||
| EegYn7LiB+s4tgHeSMdNclffWQJ3PameoaLHdikGLA== | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters