Update all SSL tests to use client certs

lukebakken · lukebakken · commit c58f6e2e680a · 2025-11-05T11:26:50.000-08:00
diff --git a/.ci/ubuntu/gha-setup.sh b/.ci/ubuntu/gha-setup.sh
@@ -144,8 +144,8 @@ function install_ca_certificate
 
     openssl s_client -connect localhost:5671 \
         -CAfile "$GITHUB_WORKSPACE/.ci/certs/ca_certificate.pem" \
-        -cert "$GITHUB_WORKSPACE/.ci/certs/client_localhost_certificate.pem" \
-        -key "$GITHUB_WORKSPACE/.ci/certs/client_localhost_key.pem" \
+        -cert "$GITHUB_WORKSPACE/.ci/certs/client_direct_certificate.pem" \
+        -key "$GITHUB_WORKSPACE/.ci/certs/client_direct_key.pem" \
         -pass pass:grapefruit < /dev/null
 }
 
diff --git a/.ci/ubuntu/rabbitmq.conf b/.ci/ubuntu/rabbitmq.conf
@@ -11,6 +11,6 @@ loopback_users.guest = true
 ssl_options.verify = verify_peer
 ssl_options.fail_if_no_peer_cert = true
 ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
-ssl_options.certfile = /etc/rabbitmq/certs/server_localhost_certificate.pem
-ssl_options.keyfile = /etc/rabbitmq/certs/server_localhost_key.pem
+ssl_options.certfile = /etc/rabbitmq/certs/server_direct_certificate.pem
+ssl_options.keyfile = /etc/rabbitmq/certs/server_direct_key.pem
 ssl_options.password = grapefruit
diff --git a/.ci/windows/gha-setup.ps1 b/.ci/windows/gha-setup.ps1
@@ -240,7 +240,11 @@ $ErrorActionPreference = 'Continue'
 Write-Host '[INFO] Enabling plugins...'
 & $rabbitmq_plugins_path enable rabbitmq_management rabbitmq_stream rabbitmq_stream_management rabbitmq_amqp1_0
 
-echo Q | openssl s_client -connect localhost:5671 -CAfile "$certs_dir/ca_certificate.pem" -cert "$certs_dir/client_localhost_certificate.pem" -key "$certs_dir/client_localhost_key.pem" -pass pass:grapefruit
+echo Q | openssl s_client -connect localhost:5671 `
+    -CAfile "$certs_dir/ca_certificate.pem" `
+    -cert "$certs_dir/client_direct_certificate.pem" `
+    -key "$certs_dir/client_direct_key.pem" `
+    -pass pass:grapefruit
 if ($LASTEXITCODE -ne 0)
 {
     throw "[ERROR] 'openssl s_client' returned error: $LASTEXITCODE"
diff --git a/.ci/windows/rabbitmq.conf.in b/.ci/windows/rabbitmq.conf.in
@@ -10,6 +10,6 @@ loopback_users.guest = true
 ssl_options.verify = verify_peer
 ssl_options.fail_if_no_peer_cert = true
 ssl_options.cacertfile = @@CERTS_DIR@@/ca_certificate.pem
-ssl_options.certfile = @@CERTS_DIR@@/server_localhost_certificate.pem
-ssl_options.keyfile = @@CERTS_DIR@@/server_localhost_key.pem
+ssl_options.certfile = @@CERTS_DIR@@/server_direct_certificate.pem
+ssl_options.keyfile = @@CERTS_DIR@@/server_direct_key.pem
 ssl_options.password = grapefruit
diff --git a/projects/Test/Common/SslEnv.cs b/projects/Test/Common/SslEnv.cs
@@ -52,7 +52,7 @@ public SslEnv()
 
             if (_isSslConfigured)
             {
-                _certPath = Path.Combine(_sslDir, $"client_{_hostname}.p12");
+                _certPath = Path.Combine(_sslDir, $"client.p12");
             }
         }
 
diff --git a/projects/Test/Integration/TestSsl.cs b/projects/Test/Integration/TestSsl.cs
@@ -64,6 +64,7 @@ public async Task TestServerVerifiedIgnoringNameMismatch()
             ConnectionFactory cf = CreateConnectionFactory();
             cf.Port = 5671;
             cf.Ssl.ServerName = "*";
+            cf.Ssl.CertPath = certPath;
             cf.Ssl.AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch;
             cf.Ssl.Enabled = true;
 
@@ -78,6 +79,7 @@ public async Task TestServerVerified()
             ConnectionFactory cf = CreateConnectionFactory();
             cf.Port = 5671;
             cf.Ssl.ServerName = _sslEnv.Hostname;
+            cf.Ssl.CertPath = certPath;
             cf.Ssl.Enabled = true;
 
             await SendReceiveAsync(cf);
@@ -101,17 +103,19 @@ public async Task TestClientAndServerVerified()
             await SendReceiveAsync(cf);
         }
 
-        // rabbitmq/rabbitmq-dotnet-client#46, also #44 and #45
         [SkippableFact]
-        public async Task TestNoClientCertificate()
+        public async Task TestWithClientCertificate()
         {
             Skip.IfNot(_sslEnv.IsSslConfigured, "SSL_CERTS_DIR and/or PASSWORD are not configured, skipping test");
 
+            string certPath = _sslEnv.CertPath;
+            Assert.True(File.Exists(certPath));
+
             ConnectionFactory cf = CreateConnectionFactory();
             cf.Port = 5671;
             cf.Ssl = new SslOption()
             {
-                CertPath = null,
+                CertPath = certPath,
                 Enabled = true,
                 ServerName = _sslEnv.Hostname,
                 Version = SslProtocols.None,

Original file line number	Diff line number	Diff line change
`@@ -144,8 +144,8 @@ function install_ca_certificate`
`144`	`144`
`145`	`145`	`openssl s_client -connect localhost:5671 \`
`146`	`146`	`-CAfile "$GITHUB_WORKSPACE/.ci/certs/ca_certificate.pem" \`
`147`		`- -cert "$GITHUB_WORKSPACE/.ci/certs/client_localhost_certificate.pem" \`
`148`		`- -key "$GITHUB_WORKSPACE/.ci/certs/client_localhost_key.pem" \`
	`147`	`+ -cert "$GITHUB_WORKSPACE/.ci/certs/client_direct_certificate.pem" \`
	`148`	`+ -key "$GITHUB_WORKSPACE/.ci/certs/client_direct_key.pem" \`
`149`	`149`	`-pass pass:grapefruit < /dev/null`
`150`	`150`	`}`
`151`	`151`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public SslEnv()`
`52`	`52`
`53`	`53`	`if (_isSslConfigured)`
`54`	`54`	`{`
`55`		`- _certPath = Path.Combine(_sslDir, $"client_{_hostname}.p12");`
	`55`	`+ _certPath = Path.Combine(_sslDir, $"client.p12");`
`56`	`56`	`}`
`57`	`57`	`}`
`58`	`58`