Fix SSL test

4 files changed, 25 insertions, 14 deletions

diff --git a/server_test.go b/server_test.go
index 9cde9d7..5df97a2 100644
--- a/server_test.go
+++ b/server_test.go
@@ -522,7 +522,6 @@ func TestBindSimpleFailBadDn(t *testing.T) {
 
 /////////////////////////
 func TestBindSSL(t *testing.T) {
-	t.Skip("unclear how to configure ldapsearch command to trust or skip verification of a custom SSL cert")
 	longerTimeout := 300 * time.Millisecond
 	done := make(chan bool)
 	s := NewServer()
@@ -550,10 +549,11 @@ func TestBindSSL(t *testing.T) {
 
 	go func() {
 		time.Sleep(longerTimeout)
-		cmd := exec.Command("ldapsearch", "-H", ldapURLSSL, "-x", "-b", "o=testers,c=test")
+		cmd := exec.Command("ldapsearch", "-H", ldapURLSSL, "-d", "1", "-x", "-b", "o=testers,c=test")
+		cmd.Env = append(cmd.Env, "LDAPRC=tests/ldaprc")
 		out, err := cmd.CombinedOutput()
 		if err != nil {
-			t.Error(err)
+			t.Errorf("Command output:\n%v\nError:\n%s", string(out), err.Error())
 			return
 		}
 		if !strings.Contains(string(out), "result: 0 Success") {
diff --git a/tests/cert_DONOTUSE.pem b/tests/cert_DONOTUSE.pem
index ee14324..b10993c 100644
--- a/tests/cert_DONOTUSE.pem
+++ b/tests/cert_DONOTUSE.pem
@@ -1,18 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIC9jCCAeCgAwIBAgIRAOG6xrSjAWQvJl9xFTIte/owCwYJKoZIhvcNAQELMBIx
-EDAOBgNVBAoTB0FjbWUgQ28wHhcNMTQwODIwMTY1MjQ4WhcNMTUwODIwMTY1MjQ4
-WjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+MIICqzCCAZMCFH7sEoXvPXnGCSHQiZjy8opgs3DnMA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAoMB0FjbWUgQ28wHhcNMTkwMTMwMTUzODA3WhcNMjkwMTMwMTUzODA3
+WjASMRAwDgYDVQQKDAdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
 CgKCAQEA30gcjawL7RXQ5B5IfAcCPsJkG3GBbfhkbBRI22VxktBoNvqh2TWyECG3
 WsB/N1WMmATnLxamBZ5mfouNbd120gbO1M06Ti57NP1YTmMp8AU18Dm4OjZ6IeQf
 ip1xYSSSb6UyucFN6zIt+5PY2o4DoGb6fSNKb1ybgu91LmC1O/TDlyYUWn2TtF73
 FOUwSt+A6t3/Jhjhlp4n5Oobw1rrAgf7DPhWFg0Thj1yknPzWALY2LPREOMWob0D
 EgR5C3WS2eYPyHkeMZWoSY6BiWTIU+hFqQUkdOvrWhflFoiZIsOl6iXmQpo2EQlg
-j3Oy2zyZk1ndAfHlFoAgPIIbnBc+2QIDAQABo0swSTAOBgNVHQ8BAf8EBAMCAKAw
-EwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALggls
-b2NhbGhvc3QwCwYJKoZIhvcNAQELA4IBAQBB9xNt3rDrBA9tCLCjdlnIQuUu9Uf0
-tHsSH6keBkhEoAylzHjmkNlerhTaLkRgB0D8qjE5+1APz42TuRpHRunYHSTNN0aF
-N6zKlpXS0g+J/ViCh/Zw7xQI4mpSFqYzTgn4T733FqwLrmtKsj0IOOkDYSZc7qfh
-qwXp/SB1J0Kp8G8S3G73dCZZYuW8y/eYMEoSkjNwNLAXzEAmFkGd8f1xhWTvnOxz
-ZBbOOjggdRLxr7cMZ8GaVWFgEG93y3AYMhFxZYRwWTcWJvSTNP3xC/CWqxXkiKdO
-2BROqmTw8zdqjXCIbgX4B5G5njMq9fk0gc4SiTAQkCOF6Xo0wQUvBAbN
+j3Oy2zyZk1ndAfHlFoAgPIIbnBc+2QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBv
+i60uFxOdm/RROIMkySEqp7XTOBxRFc0nwY4tbdQd1m4obqhS3em62U50Ff5RXtZp
+SPznKdWMmnw0Tf3H5xEJVErvmO3Iz22NuSjQ7EXDzWHxGaWejdvL5tAygMkT/uc4
++OZox3xy+BOsP0rCGxixzQ8TqFk2qI/ME4w3im0wiknjpqrobzduViCkkeRLMNoN
+rILIeEhP6UWseNoUdR8LIu6HBAWTGV/EPvBLohvef4jsWgDAkuxOe7jc/Sw6AyUm
+aA1JDOnGDrcIhrGWFmR3vlhtfXa523HBmja3XrEO0Z7fmlYTG+NAH+3IR9a+RAm7
+xhUV2P5xRb7DIfnBWVFo
 -----END CERTIFICATE-----
diff --git a/tests/ldaprc b/tests/ldaprc
new file mode 100644
index 0000000..3aa8bae
--- /dev/null
+++ b/tests/ldaprc
@@ -0,0 +1 @@
+TLS_REQCERT allow
diff --git a/tests/ssl-extensions-x509.cnf b/tests/ssl-extensions-x509.cnf
new file mode 100644
index 0000000..8d7e96d
--- /dev/null
+++ b/tests/ssl-extensions-x509.cnf
@@ -0,0 +1,11 @@
+[req]
+extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+
+[v3_req]
+basicConstraints = critical,CA:FALSE
+keyUsage = critical,digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = DNS:localhost