diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2014-02-26 16:37:51 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-26 16:50:55 -0500 |
| commit | 07c27296c2c940cb119386304ebffb4ab41f0fb9 (patch) | |
| tree | 201d87fb7f87d734bcec06aef66d8f20d8fb4706 /README | |
| parent | c2ac0d128e776f3edb8aeb8920bf41b99742e74c (diff) | |
| download | mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.tar.gz mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.tar.xz mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.zip | |
Add some basic functional tests.
This tests in an in-tree Apache instance using the local libmodnss.so
shared library, so no pre-installation is necessary.
The tests use python-nose and a hacked python-requests library. It is
hacked so I can obtain the negotiated cipher and protocol as well as
pass a few other things into it.
Tests right now are limited to GET requests.
A new user certificate for 'beta' was added to gencert to do pass/fail
access control testing.
The basic process of the tests are:
- run setup.sh which sets up a new instance with createinstance.sh
and does some variable substitution.
- nosetests -v
I picture multiple test "suites" of different configurations. Right now
there is only one. A template file is provided for each suite.
Tested only on Fedora 20 right now.
Diffstat (limited to 'README')
| -rw-r--r-- | README | 22 |
1 files changed, 17 insertions, 5 deletions
@@ -1,7 +1,7 @@ SYNOPSIS - This Apache module provides strong cryptography for the Apache 2.0 webserver - via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS + This Apache module provides strong cryptography for the Apache 2.4 webserver + via the Secure Sockets Layer (v3) and Transport Layer Security (TLS v1) protocols by the help of the SSL/TLS implementation library NSS This module is based heavily on the mod_ssl package. In fact, it's more @@ -9,7 +9,7 @@ SYNOPSIS BUILDING - To build this you'll need NSPR 4.4.1 and NSS 3.9.3. It may work with earlier + To build this you'll need NSPR 4.9.+ and NSS 3.14.+. It may work with earlier versions but these are recommended (or tested). These can be retrieved from http://www.mozilla.org/. The --with-nspr and --with-nss tags require that the package be installed in the same parent directory (e.g. /opt/nspr, @@ -22,6 +22,7 @@ BUILDING Build and install those packages somewhere then configure the module with something like: + % autoreconf -ivf % ./configure --with-apxs[=/path/to/apxs/] --with-nspr=/path/to/nspr/ --with-nss=/path/to/nss/ % gmake all install @@ -79,11 +80,13 @@ DOCUMENTATION REQUESTING A CERTIFICATE - The NSS command-line tools may be used to generate a certificate request + You can use the provided gencert utility as a template for generating a + CA and a sample user and server certificate. Alterntaively, the NSS + command-line tools may be used to generate a certificate request suitable for submission to a local CA or a commerical CA like Verisign, and install the issued certificate into your local database. A sample request may look something like this. This assumes that your certificate - database directory (NSSCertificateDatabase) is set to /opt/fortitude/alias + database directory (NSSCertificateDatabase) is set to /etc/httpd/alias Step 1 Create the database. This assumes you want your certificate database in /etc/httpd/alias @@ -111,3 +114,12 @@ REQUESTING A CERTIFICATE % certutil -V -u V -d . -n Server-Cert +TESTING + + A few simple scripts are provided to stand up an in-tree Apache instance + against which some basic tests can be run to validate that the in-tree + library works. + + From the source tree run: + + % make test |