Fix expired tls certs for cpp tests #9607
| Issuer: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost | ||
| Validity | ||
| Not Before: Feb 17 01:37:33 2018 GMT | ||
| Not After : Feb 16 01:37:33 2021 GMT |
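Review bot: The Not After line that closes this header block (Feb 16 01:37:33 2021 GMT, three years after the Not Before of Feb 17 2018) is the only place the expiry can be read without decoding the PEM. Whatever replaces this file should carry an equivalent text header, or the change should record the new expiry date somewhere reviewable, so the next expiry is visible before it breaks CI.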
I'm not familiar with TLS certificates but just have a question. The original Certificate - Data - Validity block has the Not After field that might lead to the broken CI. After this change, should we also keep the header-like block to record the Not After time?
I think the root cause is #1244 that intended to create certs which will expire after year 2030. However, the cacert.pem still expired after 2021-02-16.
btw. Some of the previous test keys/certificates weren't TLS 1.3 compatible. I assume that this problem gets also fixed?
/pulsarbot run-failure-checks
/pulsarbot run-failure-checks
eolivelli
left a comment
looks good
/pulsarbot run-failure-checks
@sijie There are still tests failing because clients are validating the "hostname" with the CN of the certificate. The tests expect the certificates to be issued with CN
I've regenerated the certs with "localhost" for broker CN
@merlimat thank you!
* Fix expired tls certs for cpp tests
* Added "admin" role as super user
* Fixed common name in certs
* Added admin name in one more place
* One more place missing "admin"
* Fixed PulsarFunctionLocalRunTest
* More fixes

Co-authored-by: Matteo Merli <mmerli@apache.org>
* Fix expired tls certs for cpp tests
* Added "admin" role as super user
* Fixed common name in certs
* Added admin name in one more place
* One more place missing "admin"
* Fixed PulsarFunctionLocalRunTest
* More fixes

Co-authored-by: Matteo Merli <mmerli@apache.org>
(cherry picked from commit 2e08766)
Problem
The current master is broken due to an expired CA cert being used in CPP tests.
Modification
Use the certs we used for integration tests to keep it consistent across the repo.
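
A CI guard for the two failures discussed in this PR (an expired test certificate and a CN that does not match the hostname the clients verify), as an added example that is not part of the Pulsar code base. It reads the text header of a certificate file, the Issuer/Validity block quoted in the review; the function name, the 30-day threshold and the sample Subject line are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the header fields quoted in the review thread, plus a
# hypothetical Subject line (the page only shows the Issuer).
SAMPLE_HEADER = """\
        Issuer: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost
        Validity
            Not Before: Feb 17 01:37:33 2018 GMT
            Not After : Feb 16 01:37:33 2021 GMT
        Subject: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost
"""

NOT_AFTER = re.compile(r"Not After\s*:\s*(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) GMT")
# Matches "Subject: ... CN=x" and the newer "CN = x" spelling, on one line only.
SUBJECT_CN = re.compile(r"Subject:.*?CN\s*=\s*([^,/\n]+)")


def check_cert_header(text, now, expected_cn=None, min_days=30):
    """Return a list of findings for one certificate text header (empty = OK)."""
    m = NOT_AFTER.search(text)
    if not m:
        # No header block: the expiry cannot be reviewed by eye, so flag it.
        return ["no 'Not After' header; decode the cert to check expiry"]
    # openssl pads single-digit days with a space ("Feb  6"); normalise first.
    stamp = " ".join(m.group(1).split())
    not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    findings = []
    days_left = (not_after - now).days
    if days_left < 0:
        findings.append(f"expired on {not_after:%Y-%m-%d}")
    elif days_left < min_days:
        findings.append(f"expires in {days_left} days ({not_after:%Y-%m-%d})")
    if expected_cn is not None:
        cn = SUBJECT_CN.search(text)
        found = cn.group(1).strip() if cn else None
        if found != expected_cn:
            findings.append(f"subject CN is {found!r}, expected {expected_cn!r}")
    return findings


if __name__ == "__main__":
    for finding in check_cert_header(SAMPLE_HEADER, datetime.now(timezone.utc), "localhost"):
        print("FAIL:", finding)
```

The text header is informational and can drift from the encoded certificate, so an authoritative check decodes the PEM itself, for example with `openssl x509 -noout -enddate`.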