mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-25 15:52:45 -04:00 
			
		
		
		
	* acme_server: add certificate lifetime configuration option Signed-off-by: Kyle McCullough <kylemcc@gmail.com> * pki: allow intermediate cert lifetime to be configured Signed-off-by: Kyle McCullough <kylemcc@gmail.com> Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
		
			
				
	
	
		
		
	
	
	
	
	
| package integration
 | |
| 
 | |
| import (
 | |
| 	"testing"
 | |
| 
 | |
| 	"github.com/caddyserver/caddy/v2/caddytest"
 | |
| )
 | |
| 
 | |
// TestLeafCertLifetimeLessThanIntermediate checks that a config is rejected at
// load time when the acme_server handler's leaf certificate "lifetime" is not
// strictly shorter than the "intermediate_lifetime" of the CA it issues from.
//
// Both values are 604800000000000 ns, which the expected error renders as
// 168h0m0s, so this pins the boundary case: equal lifetimes must fail, not
// just a leaf lifetime that exceeds the intermediate's.
func TestLeafCertLifetimeLessThanIntermediate(t *testing.T) {
	// The leading newline and the trailing "\n\t" are part of the literal
	// handed to the loader; keep them as they are.
	rawConfig := `
    {
      "apps": {
        "http": {
          "servers": {
            "srv0": {
              "listen": [
                ":443"
              ],
              "routes": [
                {
                  "handle": [
                    {
                      "handler": "subroute",
                      "routes": [
                        {
                          "handle": [
                            {
                              "ca": "internal",
                              "handler": "acme_server",
                              "lifetime": 604800000000000
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          }
        },
        "pki": {
          "certificate_authorities": {
            "internal": {
              "install_trust": false,
              "intermediate_lifetime": 604800000000000,
              "name": "Internal CA"
            }
          }
        }
      }
    }
	`

	// Error text the load is expected to produce; how it is matched against
	// the real error is decided by caddytest.AssertLoadError.
	const wantErr = "certificate lifetime (168h0m0s) should be less than intermediate certificate lifetime (168h0m0s)"

	caddytest.AssertLoadError(t, rawConfig, "json", wantErr)
}
 | |
| 
 | |
// TestIntermediateLifetimeLessThanRoot checks that a config is rejected at
// load time when the CA's "intermediate_lifetime" is not strictly shorter than
// the root certificate lifetime.
//
// The intermediate lifetime is 311040000000000000 ns (86400h), the same figure
// the expected error reports for the root, so equal lifetimes must fail. The
// leaf "lifetime" of 2592000000000000 ns (720h) is well below the intermediate
// value, so the leaf-vs-intermediate rule is not the one under test here.
func TestIntermediateLifetimeLessThanRoot(t *testing.T) {
	// The leading newline and the trailing "\n\t" are part of the literal
	// handed to the loader; keep them as they are.
	rawConfig := `
    {
      "apps": {
        "http": {
          "servers": {
            "srv0": {
              "listen": [
                ":443"
              ],
              "routes": [
                {
                  "handle": [
                    {
                      "handler": "subroute",
                      "routes": [
                        {
                          "handle": [
                            {
                              "ca": "internal",
                              "handler": "acme_server",
                              "lifetime": 2592000000000000
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          }
        },
        "pki": {
          "certificate_authorities": {
            "internal": {
              "install_trust": false,
              "intermediate_lifetime": 311040000000000000,
              "name": "Internal CA"
            }
          }
        }
      }
    }
	`

	// Error text the load is expected to produce; how it is matched against
	// the real error is decided by caddytest.AssertLoadError.
	const wantErr = "intermediate certificate lifetime must be less than root certificate lifetime (86400h0m0s)"

	caddytest.AssertLoadError(t, rawConfig, "json", wantErr)
}
 |