mirror of
https://github.com/caddyserver/caddy.git
synced 2025-10-24 07:19:17 -04:00
* acme_server: add certificate lifetime configuration option Signed-off-by: Kyle McCullough <kylemcc@gmail.com> * pki: allow intermediate cert lifetime to be configured Signed-off-by: Kyle McCullough <kylemcc@gmail.com> Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
102 lines
2.6 KiB
Go
102 lines
2.6 KiB
Go
package integration
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/caddyserver/caddy/v2/caddytest"
|
|
)
|
|
|
|
func TestLeafCertLifetimeLessThanIntermediate(t *testing.T) {
|
|
caddytest.AssertLoadError(t, `
|
|
{
|
|
"apps": {
|
|
"http": {
|
|
"servers": {
|
|
"srv0": {
|
|
"listen": [
|
|
":443"
|
|
],
|
|
"routes": [
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "subroute",
|
|
"routes": [
|
|
{
|
|
"handle": [
|
|
{
|
|
"ca": "internal",
|
|
"handler": "acme_server",
|
|
"lifetime": 604800000000000
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"pki": {
|
|
"certificate_authorities": {
|
|
"internal": {
|
|
"install_trust": false,
|
|
"intermediate_lifetime": 604800000000000,
|
|
"name": "Internal CA"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
`, "json", "certificate lifetime (168h0m0s) should be less than intermediate certificate lifetime (168h0m0s)")
|
|
}
|
|
|
|
func TestIntermediateLifetimeLessThanRoot(t *testing.T) {
|
|
caddytest.AssertLoadError(t, `
|
|
{
|
|
"apps": {
|
|
"http": {
|
|
"servers": {
|
|
"srv0": {
|
|
"listen": [
|
|
":443"
|
|
],
|
|
"routes": [
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "subroute",
|
|
"routes": [
|
|
{
|
|
"handle": [
|
|
{
|
|
"ca": "internal",
|
|
"handler": "acme_server",
|
|
"lifetime": 2592000000000000
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"pki": {
|
|
"certificate_authorities": {
|
|
"internal": {
|
|
"install_trust": false,
|
|
"intermediate_lifetime": 311040000000000000,
|
|
"name": "Internal CA"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
`, "json", "intermediate certificate lifetime must be less than root certificate lifetime (86400h0m0s)")
|
|
}
|