test_caless: fix http.p12 is not valid

In "test_invalid_ds_cn" test case an old invalid http.p12 cert is used as a leftover after previous "test_invalid_http_cn" test. Get new valid http.p12 cert using create_pkcs12(). Also use server-badname cert instead of cert for replica. This explicitly ensures a non-matching hostname/SAN rather than implicitly by using a certificate for the replica. https://pagure.io/freeipa/issue/7254 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-11-09 19:59:34 +01:00
parent 495b85793c
commit cedd52d7f9
1 changed files with 2 additions and 1 deletions
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -526,7 +526,8 @@ class TestServerInstall(CALessBase):
    def test_invalid_ds_cn(self):
        "IPA server install with DS certificate with invalid CN"

-        self.create_pkcs12('ca1/replica', filename='dirsrv.p12')
+        self.create_pkcs12('ca1/server', filename='http.p12')
+        self.create_pkcs12('ca1/server-badname', filename='dirsrv.p12')
        self.prepare_cacert('ca1')

        result = self.install_server(http_pkcs12='http.p12',