45 lines
1.3 KiB
Markdown
45 lines
1.3 KiB
Markdown
# [certs-test](https://git.dotya.ml/wanderer/certs-test/)
|
|
|
|
this repo contains a program that tries to connect to a TLS protected endpoint.
|
|
there are two variants of a `Containerfile`:
|
|
* `Containerfile` - here the program should be able to successfully connect
|
|
to a TLS-protected endpoint from a `scratch` container because the **ca-certs**
|
|
bundle has been copied in.
|
|
* `Containerfile.certfail` - here the **ca-certs** bundle is missing,
|
|
therefore the program should fail with the following:
|
|
> 2023/03/08 18:31:00 connecting to https://\<endpoint\>
|
|
> panic: Get "https://\<endpoint\>": tls: failed to verify certificate: x509: certificate signed by unknown authority
|
|
|
|
### build and run
|
|
to build a container in which the app will be able to connect to a TLS
|
|
connected endpoint, run:
|
|
|
|
```
|
|
podman build -tcerts-test:success -f Dockerfile .
|
|
```
|
|
alternatively, run `make` or `make certsuccess`
|
|
|
|
to build a container that will yield a CA cert validation failure (because of
|
|
the missing **ca-cert** bundle), run:
|
|
|
|
```
|
|
podman build -tcerts-test:fail -f Dockerfile .
|
|
```
|
|
alternatively, run `make certfail`
|
|
|
|
to manually build and run the app, run:
|
|
```
|
|
go build -v . && ./certs-test -endpoint=<yoursite.tld>
|
|
```
|
|
|
|
to run the container, do
|
|
```
|
|
podman run localhost/certs-test:success
|
|
```
|
|
or
|
|
|
|
```
|
|
podman run localhost/certs-test:fail
|
|
```
|
|
based on which one you'd like to run.
|