Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create New TLS Certificates for Testing #76

Open
DMickens opened this issue Aug 9, 2022 · 2 comments
Open

Create New TLS Certificates for Testing #76

DMickens opened this issue Aug 9, 2022 · 2 comments
Assignees
Labels
testing Improvements or additions to tests/test infrastructure

Comments

@DMickens
Copy link
Collaborator

DMickens commented Aug 9, 2022

We have a tls folder that contains certificates and keys needed for testing tls in the driver. Some were added since forking from node-postgres and some are still old. We need to be able to test mutual TLS in the driver, but right now we don't have the correct certificates for it. We ought to have everything needed for someone to get configured without having to make any new certificates or keys on their own, so this would be CA keys and certificates for signing client and server certificates (maybe this could just be one CA that signs both). We need client key/certificate and server key/certificate. They should all be in PEM format. When creating we need to keep in mind the subjects needed for certificate verification in both server and mutual mode.

@DMickens DMickens added the testing Improvements or additions to tests/test infrastructure label Aug 9, 2022
@DMickens DMickens added this to the Improve Testing milestone Aug 9, 2022
@DMickens DMickens self-assigned this Aug 9, 2022
@DMickens DMickens moved this to Todo in Vertica-nodejs 1.1.0 Aug 9, 2022
@blackeyepanda
Copy link
Collaborator

ideally we should dynamically create these certifiactes/CA instead of storing them in the repo unless there are some specially needs.

sql-go client has some examples on how to create all these certificates you might be interested in.
https://github.com/vertica/vertica-sql-go/blob/master/resources/tests/genCerts.sh

@DMickens
Copy link
Collaborator Author

ideally we should dynamically create these certifiactes/CA instead of storing them in the repo unless there are some specially needs.

sql-go client has some examples on how to create all these certificates you might be interested in. https://github.com/vertica/vertica-sql-go/blob/master/resources/tests/genCerts.sh

I like that. I would prefer that approach. I'll look into modifying that genCerts script for vertica-nodejs to cover this issue. I'm not sure if what is being generated right now would support mTLS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
testing Improvements or additions to tests/test infrastructure
Projects
None yet
Development

No branches or pull requests

2 participants