Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tls client test #760

Merged
merged 6 commits into from
Feb 8, 2021
Merged

Tls client test #760

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
57c2a63
Add nginx to gateway
jhughesbiot Jan 29, 2021
be8841e
make gateway resolving dynamic
jhughesbiot Jan 29, 2021
aab9462
Decode server certs from TLS 1.2 traffic and add validation for clien…
jhughesbiot Feb 2, 2021
2c94711
update test output
jhughesbiot Feb 2, 2021
e9e1027
merge from upstream
jhughesbiot Feb 2, 2021
08212ab
update test output messaging
jhughesbiot Feb 2, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions docker/include/bin/start_faux
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,8 +227,9 @@ elif [ -n "${options[expiredtls]}" ]; then
echo Starting expired tls server on port 443 https.
mv /root/nginx/nginxfail.conf /etc/nginx/nginx.conf
service nginx start
python tlsfaux/client.py 1.2 google.com &
python tlsfaux/client.py 1.3 google.com &
DEFAULT_ROUTE=$(ip route show default | awk '/default/ {print $3}')
python tlsfaux/client.py 1.2 $DEFAULT_ROUTE &
python tlsfaux/client.py 1.3 $DEFAULT_ROUTE &
fi

if [ -n "${options[pubber]}" ]; then
Expand Down
5 changes: 5 additions & 0 deletions docker/include/network/scripts/start_networking
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,5 +68,10 @@ if [ -f $GCP_CRED_FILE ]; then
) &
fi

# Setup a bad SSL Server for TLS client tests
echo Starting expired tls server on port 443 https.
mv /root/nginx/nginxfail.conf /etc/nginx/nginx.conf
service nginx start

echo Blocking for all eternity.
./autorestart_dnsmasq
10 changes: 9 additions & 1 deletion docker/modules/Dockerfile.networking
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,10 @@

FROM daqf/aardvark:latest

RUN $AG update && $AG install apt-transport-https ca-certificates curl gnupg2
RUN $AG update && $AG install apt-transport-https ca-certificates curl gnupg2

RUN $AG update && $AG install -y nginx

RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
| tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg \
Expand All @@ -25,4 +28,9 @@ COPY udmi/ udmi/
# Weird workaround for problem running tcdump in a privlidged container.
RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump

#HTTPS Bad Server depdnency
COPY docker/include/security/nginxfail.conf /root/nginx/
COPY docker/include/security/nginx-site /var/www/nginx-site
COPY docker/include/security/tlsfaux tlsfaux/

ENTRYPOINT ["./start_networking"]
Loading