@@ -2587,6 +2587,7 @@ sub host_install_postboot_complete ($) {
my ($ho) = @_;
target_core_dump_setup($ho);
target_cmd_root($ho, "update-rc.d osstest-confirm-booted start 99 2 .");
+ target_https_mitm_proxy_setup($ho);
}
sub target_core_dump_setup ($) {
@@ -2607,4 +2608,13 @@ END
'/etc/security/limits.d/coredumps.conf');
}
+sub target_https_mitm_proxy_setup ($) {
+ my ($ho) = @_;
+ my $cert = $c{HttpsProxyMITMCert};
+ return unless length $cert;
+ target_putfilecontents_root_stash($ho,30,$cert,
+ '/usr/local/share/ca-certificates/osstest.crt');
+ target_cmd_root($ho, 'update-ca-certificates', 300);
+}
+
1;
We want things like build jobs to be able to download things via https. But we want them to be cached. To this end, we are having our squid treat CONNECT as a request to MITM the TLS connection. But this means that clients will see squid's cert, not the real one. So placate them by installing the cert on each test box. (The squid becomes part of the TCB for our coverity upload password, but that is fine.) Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> --- Osstest/TestSupport.pm | 10 ++++++++++ 1 file changed, 10 insertions(+)