New test containers with static test certificates.

Test certificates were generated dynamically but there are advantages to using static certificates.  For example, it possible to use the same certificate between container versions.  Mostly, it is easier to document the certificates if they are not buried deep in the container code.

The new test certificates are initially intended to be used with the C unit tests but they will eventually be used for integration tests as well.

Two new certificates have been defined. See test/certificate/README.md for details.

The old dynamic certificates will be retained until they are replaced.

doc/xml/release.xml

@@ -43,6 +43,10 @@
 
             <release-test-list>
                 <release-development-list>
+                    <release-item>
+                        <p>New test containers with static test certificates.</p>
+                    </release-item>
+
                     <release-item>
                         <p>Add <code>testRepoPath()</code> to let C unit tests know where the code repository is located.</p>
                     </release-item>

test/certificate/.gitignore

@@ -0,0 +1,2 @@
+*.csr
+*.srl

test/certificate/README.md

@@ -0,0 +1,48 @@
+# pgBackRest Test Certificates
+
+The certificates in this directory are used for testing purposes only and are not used for actual services.  They are used only by the unit and integration tests and there should be no reason to modify them unless new tests are required.
+
+## Generating the Test CA (pgbackrest-test-ca.crt/key)
+
+This is a self-signed CA that is used to sign all server certificates.  No intermediate CAs will be generated since they are not needed for testing.
+
+```
+cd [pgbackrest-root]/test/certificate
+openssl genrsa -out pgbackrest-test-ca.key 4096
+openssl req -new -x509 -extensions v3_ca -key pgbackrest-test-ca.key -out pgbackrest-test-ca.crt -days 99999 \
+    -subj "/C=US/ST=All/L=All/O=pgBackRest/CN=test.pgbackrest.org"
+openssl x509 -in pgbackrest-test-ca.crt -text -noout
+```
+
+## Generating the Test Key (pgbackrest-test.key)
+
+This key will be used for all server certificates to keep things simple.
+
+```
+cd [pgbackrest-root]/test/certificate
+openssl genrsa -out pgbackrest-test.key 4096
+```
+
+## Generating the Alt Name Test Certificate (pgbackrest-test-alt-name.crt)
+
+This certificate will include alternate names and will only be used in unit tests to check alternate name verification functionality.
+
+```
+cd [pgbackrest-root]/test/certificate
+openssl req -new -sha256 -nodes -out pgbackrest-test-alt-name.csr -key pgbackrest-test.key -config pgbackrest-test-alt-name.cnf
+openssl x509 -req -in pgbackrest-test-alt-name.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
+    -out pgbackrest-test-alt-name.crt -days 99999 -extensions v3_req -extfile pgbackrest-test-alt-name.cnf
+openssl x509 -in pgbackrest-test-alt-name.crt -text -noout
+```
+
+## Generating the Test Certificate (pgbackrest-test.crt)
+
+This certificate will be used in unit and integration tests.  It is expected to pass verification but won't be subjected to extensive testing.
+
+```
+cd [pgbackrest-root]/test/certificate
+openssl req -new -sha256 -nodes -out pgbackrest-test.csr -key pgbackrest-test.key -config pgbackrest-test.cnf
+openssl x509 -req -in pgbackrest-test.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
+    -out pgbackrest-test.crt -days 99999 -extensions v3_req -extfile pgbackrest-test.cnf
+openssl x509 -in pgbackrest-test.crt -text -noout
+```

test/certificate/pgbackrest-test-alt-name.cnf

@@ -0,0 +1,26 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = v3_req
+distinguished_name = dn
+
+[ dn ]
+C=US
+ST=All
+L=All
+O=pgBackRest
+OU=Unit Testing Domain
+CN = test.pgbackrest.org
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = test.pgbackrest.org
+DNS.2 = *.test.pgbackrest.org
+IP.1 = 127.0.0.1
+DNS.3 = test2.pgbackrest.org
+DNS.4 = *.test2.pgbackrest.org

test/certificate/pgbackrest-test-alt-name.crt

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF4jCCA8qgAwIBAgIJAN+gSjwW7yR+MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
+BAYTAlVTMQwwCgYDVQQIDANBbGwxDDAKBgNVBAcMA0FsbDETMBEGA1UECgwKcGdC
+YWNrUmVzdDEcMBoGA1UEAwwTdGVzdC5wZ2JhY2tyZXN0Lm9yZzAgFw0xODExMjAx
+MzU2MjlaGA8yMjkyMDkwMzEzNTYyOVowejELMAkGA1UEBhMCVVMxDDAKBgNVBAgM
+A0FsbDEMMAoGA1UEBwwDQWxsMRMwEQYDVQQKDApwZ0JhY2tSZXN0MRwwGgYDVQQL
+DBNVbml0IFRlc3RpbmcgRG9tYWluMRwwGgYDVQQDDBN0ZXN0LnBnYmFja3Jlc3Qu
+b3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwzNZDX/VhTA6lALX
+DZ4AOHv4OQH5wTZipa97XdTrI2TIfMGEffLmv5wzN85pku5HXBuHGJUaUENXt1Ss
+GwdfBx/gZZEA8oONqkrxOoJTrABWIAs5k6TTUd+f3Y39rlsyQj076f1sw6Mw9qoC
+h+JKXDDqw8kGwQHifXdtCrxL9OfV4eq+gYKrqdlyFM08WfKxe0Js8bB5cZ4Bt/GC
+2JhQzQ9bMjYJlxSXIXivP/FFunVT5hZ8gsUVAH+/sm8xlQ4sedW7mIBKkjT3tgL0
+FvchB3XyoZ6Sr0JKVaMOcQjIsTzOqdgawgArO541ZwUWHdJH+DODr/gBWXSnnzhH
+ED5DAvRMPdO/t353qS/ihpacTqQ91B4UKxK1pVNC84ch3spCLnQncl7kn7RhcdCc
+b5g4ZfahRmq79QSoMDvN4+7MtyERLXtSttSWiBzQVVj/jcFNDeGeDjKp6Z55xoso
+tMZ3yVajl4IbuQS1pfTLjp7WdJ58y5hQ+8O/ebjUYIxOo5kZhRZV/jxqoR7Ga9MG
+bAQ7BPcTuItpfGqiWcdYU+ZdyyFwvpXov6qNoCYt58nj7s+FAbed7EzRHa2Z3RVG
+kcqv2iX5EddydHmqKip+QUUR4cPLUXn+kvOHtJEOgAWDURh0DVfhrMD5dX1d+9de
+BUwZ89gYvxkkErPL1o8OPRxyiucCAwEAAaOBhjCBgzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwIF4DBpBgNVHREEYjBgghN0ZXN0LnBnYmFja3Jlc3Qub3JnghUqLnRlc3Qu
+cGdiYWNrcmVzdC5vcmeHBH8AAAGCFHRlc3QyLnBnYmFja3Jlc3Qub3JnghYqLnRl
+c3QyLnBnYmFja3Jlc3Qub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQABqorGy+U2CBBl
+ei2Q0zTccJVPqz3xL6UpZVh0X/SoZFisZNyLPskxAh070q8C11g4uqyPoXPp2eJt
+smwop2pY6glzO+7b9kEUo2527s8BJejlIzAe9bQ8eZ1Hbqlh52B+wzEE7Ci22KDC
+O3RZCya6WiMHXxFCjPR7m4qaoodU4XtRefepg/bs0qUq5rrsHDRfvaitISUOeXnj
+NSsLyiVLbwkCW3mL7bEFAG1Th8GWa809zpw8fJiUkhavtDe35UesHM5fOZ8oqY28
+BIcSc5yVgOxDAHDQI9lf9umAN5ZakT9lo5WdndG9eUZGOK72s8Vy1ReiKH+vX2qw
+3cI69akD+UBLqvO9NFMJPurDLdM82B453EaBqDhm1oPPwHsXc8wiNG6jYmIAHlvN
+qX1qXcdJjp54PSv6RFm/ZxcS6CCRRzPv46Zi86cynY32qmEYU5Et3tGVwx6KywRx
+HKF206NUzyHYW8cuDywTpQZSYuAHrjcWGzS/Fg1aTIGULRffFLTvmt6URHjpfFwJ
+bRkMcw+k1xdV01rTA2jnDbFAC5f6V7QOGwcqSzc25cz1PDHWweCw4oDwpAxRFx14
+X98jbWjo6YYsc9wWpcQt5NICO5wHoaJfhawf7suJmuluQTzOsH2ZS6O0zVJmbsVs
+KveXMVBWdJoaJjUqEBy6tJHB5uRxJg==
+-----END CERTIFICATE-----

test/certificate/pgbackrest-test-ca.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIJAKfL57w5QrmFMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
+BAYTAlVTMQwwCgYDVQQIDANBbGwxDDAKBgNVBAcMA0FsbDETMBEGA1UECgwKcGdC
+YWNrUmVzdDEcMBoGA1UEAwwTdGVzdC5wZ2JhY2tyZXN0Lm9yZzAgFw0xODExMTky
+MjI2MjNaGA8yMjkyMDkwMjIyMjYyM1owXDELMAkGA1UEBhMCVVMxDDAKBgNVBAgM
+A0FsbDEMMAoGA1UEBwwDQWxsMRMwEQYDVQQKDApwZ0JhY2tSZXN0MRwwGgYDVQQD
+DBN0ZXN0LnBnYmFja3Jlc3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA363DCLQblcgOjA3qZAJfxameJrRZFvs2xxGNX6IhpLv1uWSr5V6t47lG
+IUORf/Jol/lj/Y8jN3BuW3eSnsAjeMTVC1t9kE3fmZ5Rvnyugkl+t1hV2Vgxhuc5
+wrn3W2YTjW06miWkuSgyfFC1zxfcCa13Lj/WVfVh/VM17z/TgPCsH+UbAzheRVK7
+CLE5P4SdSVmmEeUB6CQaFuKxQ4tuEgR2YBsaI9LblgTsr28nIJLmJugxMcy7KVQm
+dVhMPb8oX4VgWxUDHUn2oCQakBOgOXio3gcVyUrcz1oA8S6QxOJO5s2R0ArGZRSW
+BPN5c9rAY5+gE6CJwH5oTU8GgtykQn34F4EpXS6CR+tlFMVNPdYmocV7ybn5zJ3b
+6k1DpUF2prEbycImPwsDmvGjSoaO6UfELZuGQt9dh8B/zgzbdWMM6MSyaPSKV4VN
+yUeM6OI1KwJrTqGK8mJ+fOxgwY2yjsjPE3ZJQ3m2V38I8BdiudfFrFFOQc2en3Na
+cI2B7VRiC0ldjQG8y6YfikcCeJCRXa7pKdNqRX8OkcfT83NXUn2HvdjGpQyHI0c3
+VgV3cm5exULatz6liUjskBbTAzer/39j8xjNkTctNzel7X6eHdFLWgR1qWjx9vAi
+gYFXErzDO9aQ0MTLHGH81rIzpch8fO5rB5sCM9F2lw352+8CgKsCAwEAAaNTMFEw
+HQYDVR0OBBYEFGo+OwmNN1QFNDAOYpuySZSYdNZ2MB8GA1UdIwQYMBaAFGo+OwmN
+N1QFNDAOYpuySZSYdNZ2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggIBAL/q0d9FFFWRD6ldCVUcarcZX/mWcchtGGO1xHIesvdAZHd7dZx2ZlJ2OmpN
+KwC+9+jXv7h6EqeVuxqPYFlXUdHSXNqrZecFmmXwqa8hqn08ZCZqYJ5CVFjhw+jE
+IMvclt5NpessLVKn6Xs75OogbtN69pJdxYnh28l/yoG1gu+41DtDXZjVeIFXCPo3
+oLm+ARwG33z1QD66YBnpRmW57M8j+fHiPFtONqCMSk2dt/PEOYDCPhimA5G1lJzw
+qyrEiMX9+oyYkfpxmQrGjOVswQvvN/XhSgaMrIoa/cZZwUTe+EtY+jQMXWqk7/F2
+ufalTU9x1uZElh94YOsOREq34Ef4lJC/9K0ayfoQY+2qyBPKwGISUUJUY/dPGVd+
+cz91fCmy12X3jsw1vmyJ9UU/hC2Nr4LGxDlcRq88/ev7eGAvsOHwgRYJzLfwaJF6
+XMeKZfxq1uvFlJyAyYszu9BL5n26eDunBsQbH9R2avE7deVOwxWMUkX2nX7QEENp
+dGL3q/3ar/uaMFrAkk5JGUpfozsiXs4BLYKcXRKGy9oBoRuR3lGk+t163qBHh/Rw
+M8+tsCo6j4ReSgq2ew+sHfxj4rQ4Bly+965RRPjZPu20QMlbWzD6kEB+F2II537e
+R1KzQRet3Mqf+IY98aAWRfRW9sefkeYrD9BP9jhbSaoh7E0n
+-----END CERTIFICATE-----

test/certificate/pgbackrest-test-ca.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEA363DCLQblcgOjA3qZAJfxameJrRZFvs2xxGNX6IhpLv1uWSr
+5V6t47lGIUORf/Jol/lj/Y8jN3BuW3eSnsAjeMTVC1t9kE3fmZ5Rvnyugkl+t1hV
+2Vgxhuc5wrn3W2YTjW06miWkuSgyfFC1zxfcCa13Lj/WVfVh/VM17z/TgPCsH+Ub
+AzheRVK7CLE5P4SdSVmmEeUB6CQaFuKxQ4tuEgR2YBsaI9LblgTsr28nIJLmJugx
+Mcy7KVQmdVhMPb8oX4VgWxUDHUn2oCQakBOgOXio3gcVyUrcz1oA8S6QxOJO5s2R
+0ArGZRSWBPN5c9rAY5+gE6CJwH5oTU8GgtykQn34F4EpXS6CR+tlFMVNPdYmocV7
+ybn5zJ3b6k1DpUF2prEbycImPwsDmvGjSoaO6UfELZuGQt9dh8B/zgzbdWMM6MSy
+aPSKV4VNyUeM6OI1KwJrTqGK8mJ+fOxgwY2yjsjPE3ZJQ3m2V38I8BdiudfFrFFO
+Qc2en3NacI2B7VRiC0ldjQG8y6YfikcCeJCRXa7pKdNqRX8OkcfT83NXUn2HvdjG
+pQyHI0c3VgV3cm5exULatz6liUjskBbTAzer/39j8xjNkTctNzel7X6eHdFLWgR1
+qWjx9vAigYFXErzDO9aQ0MTLHGH81rIzpch8fO5rB5sCM9F2lw352+8CgKsCAwEA
+AQKCAgEAsZ3glqO2l+zBqHNQYdQEywgSvrdNW1NmvxLwCTXMs2xSBsKrQTs6p+8y
+gi2Od2Q9rBhsTyd/loFgEJ/VvNvkDv12E0u2XIWJ/gla7gFB7dGAnwS1Px6qTW6F
+Tlyv0FMxSYeoFkm4EROba14H0QgoQUMOtZoZkC6Hfkq6NF6hi+0RMU6Tca4sJa45
+OQDJ7edXoqxelC0eo4EvembOzk0EvafvfAdpbXL9zZXhgLmp/1LHEbQlhF8HbB0X
+YO0ZtZp668cUqZ741yQphCbHNQtwmtJ2fcBwi2Q4DStyPhJ1APKYJuysUeCMhC2h
+pxLTqazWQwW5bnx3hnSaTHFpQTcF8w7brT3YTxMAe6Eo2efFDILZYQlTTMz7zM7+
+QUlg8utQNB+p5T1qaXk5hcyRVdfUrfx1+ionEL9M/hisNKrQlIsC7AzX+90y1Cng
+idjwgOTcFRC7CutHFBj6+OpDAizm2eVSpklTDn16hMzwQe5QrMxV2y0SVrQ9+mUI
+98VqvUZaE4bm6CMsR4xJpxTDAfN4uck5wNSZ++9vMMcZysfC+pAuD3hOzNCtPKrG
+v/n5+nDC606oBJ3vY2XKDm1tVmxPiY/QXBvyNbiul8ZR75B1OdnOFpUTGg6rrwbs
+fAHRrYTjsRlTcVbx4t+HJnJINFj8udJM6f3xk8vOUqBYgOB9TJkCggEBAPBbpyUJ
+dSY+AOj8124CeEbchuo4EDdHaUaOcW//YHvHGe9o3AyV/AHGGop4w/0Js5X3LGDw
+AjEsX2TiZi/m4X1H0wltCjlOAbLBEa6BpJ29EcC+S1qkJwTUGlQCahPXBqI3XUXj
+7mXjcCZBIFKPWCjKZEs19gtQa3YAG2+eIU17QVTlQNzD5sIXbHIKMTr4Pn6btAvr
+B2gqsKbXkn3ix/9pR+MKCIdOMOvjecIR+nMEwtMVRCFc76iI7QyEIAPfJzXygH43
+nuZAFP1G+CxO2yblfOqnAm9szIeBxiDTqX8YWSt6Z9hQt+6TSCkiBmunkDdFtdaJ
+mSIJMbPazpmZ8j8CggEBAO48O9C6ArAaIuyGM77YqiP/VCginOdsnr3J9LtGG2F7
+Jz6lf+a/VEyiHmW5YIVTnYN2TkcSGpMUJGtTRtIcvH4mSvkhNeBllfrnQF+weU3x
+kZxOffwa6pe4uuODuvohY+9MU66meSg5RVXumF71/NH6e17p1dA+Pfh8aeTANog1
+9EKatQBs63C5ho4ACGBIwrK6QLbSZiEvd34X+Jrp5Y5arGnjNjVkuJDhfsPx8HMJ
+8b4xCT5evqSCXvdNMO1qnnM8r0pd5hovFUk5MbUpdHFdcezpSL0dGz6nnT7UBTTJ
+joK1Raf2XzCu7CpSZnxkmIDnMEDwVDdCtHlbiZZy/pUCggEBALLARr7ZmMEXDZA4
+MXLD7XUtnjxj81NZDWcGmkBjmPqUqKoOvs+xX1hmXuiqRX9SjrcxulRhShAN4ufh
+I4PuXbXRC5aP/DF/3O12flLcYXNZ3/EK1HmVaNtDbk0Z+o/Es09Cg2Bt0ab+jTI1
+7vbXWgYD9rCkcdYaOcDo9X5+CGBaEM01LZbBLkUcLG9nOxOS+M8ptq3CXaDPVs7N
+tUlftcMyJd8oYA1YTjOv2aZFvo95c/aNczyopCcfpcNQI4sdk0igj4TOkqLD95gh
+BoHVJ1B3DP5ps/rv2+/OyG0zXHODxRT7lG0gIpoP+HN2tXWsiSlB86iYbkUMt2T9
+jfZXsfsCggEBAIpcNSkePt1j8JCJyJe4YegSLCA7KgFGFlOHbTkumExfKAW8PLIY
+wK7ZIOpXZXVJgJuPJBsmqoRtGFG0xdbVlat2NejGnvG6TgawM7TfWzQnbjfnZkf6
+ofCH+xKTuQ34QoACRj+Ss57m1Bv6PEg6eSDCZtBS4jjVTUx5hU6zS3iETV45V5Ht
+sDeBqGHkJvk0iM8gWOFVBLeVR8LVzS67VPT+OFAvA5ay7nZGYEcQxmMpjVq2Q/YT
+NIl6pgjereHVID0xK2T3b+IZIjWqn/HlJ5mHedjsC7C5rM8QrcSFgpiLztaezNul
+vNcbYFGcFaV9Dw0eN+ofKeoGNaadwSS9mJkCggEAZz41LQSJYxF8nMc1Cx+ROC59
+7InZLZBpYFgvkJBMgpabRW3P33SjrF1vOOb8QKHEawmGVICg6y6fDWdUJkuL9PJK
+KUhM6f6+RrOAmTLEX0nBc/Qu7vn5xWdfU4IaGYyon+J290GlzZv+C31wQyhAfMc4
+LffXr9aXDNXF9C6RJiDP07pcgzu295B00KqiRaim8ZG1Ab+FOg+ZrFbvYxE1DdNC
+UX5iVgVo1T8sOy/An1ACNy5xzCkiEUk3stCKMMCnUiw3Y0fHvxFc9se786JVwejY
+Pecz4yaqRJDn97WrFvqI/Nwi1W/pOtaOJfsLnsO6S/uZTAW+vXwi9l82ETNjbw==
+-----END RSA PRIVATE KEY-----

test/certificate/pgbackrest-test.cnf

@@ -0,0 +1,18 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = v3_req
+distinguished_name = dn
+
+[ dn ]
+C=US
+ST=All
+L=All
+O=pgBackRest
+OU=Unit Testing Domain
+CN = *.test.pgbackrest.org
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment

test/certificate/pgbackrest-test.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdzCCA1+gAwIBAgIJAN+gSjwW7yR/MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
+BAYTAlVTMQwwCgYDVQQIDANBbGwxDDAKBgNVBAcMA0FsbDETMBEGA1UECgwKcGdC
+YWNrUmVzdDEcMBoGA1UEAwwTdGVzdC5wZ2JhY2tyZXN0Lm9yZzAgFw0xODExMjAx
+MzU2NDJaGA8yMjkyMDkwMzEzNTY0MlowfDELMAkGA1UEBhMCVVMxDDAKBgNVBAgM
+A0FsbDEMMAoGA1UEBwwDQWxsMRMwEQYDVQQKDApwZ0JhY2tSZXN0MRwwGgYDVQQL
+DBNVbml0IFRlc3RpbmcgRG9tYWluMR4wHAYDVQQDDBUqLnRlc3QucGdiYWNrcmVz
+dC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDDM1kNf9WFMDqU
+AtcNngA4e/g5AfnBNmKlr3td1OsjZMh8wYR98ua/nDM3zmmS7kdcG4cYlRpQQ1e3
+VKwbB18HH+BlkQDyg42qSvE6glOsAFYgCzmTpNNR35/djf2uWzJCPTvp/WzDozD2
+qgKH4kpcMOrDyQbBAeJ9d20KvEv059Xh6r6Bgqup2XIUzTxZ8rF7QmzxsHlxngG3
+8YLYmFDND1syNgmXFJcheK8/8UW6dVPmFnyCxRUAf7+ybzGVDix51buYgEqSNPe2
+AvQW9yEHdfKhnpKvQkpVow5xCMixPM6p2BrCACs7njVnBRYd0kf4M4Ov+AFZdKef
+OEcQPkMC9Ew907+3fnepL+KGlpxOpD3UHhQrErWlU0LzhyHeykIudCdyXuSftGFx
+0JxvmDhl9qFGarv1BKgwO83j7sy3IREte1K21JaIHNBVWP+NwU0N4Z4OMqnpnnnG
+iyi0xnfJVqOXghu5BLWl9MuOntZ0nnzLmFD7w795uNRgjE6jmRmFFlX+PGqhHsZr
+0wZsBDsE9xO4i2l8aqJZx1hT5l3LIXC+lei/qo2gJi3nyePuz4UBt53sTNEdrZnd
+FUaRyq/aJfkR13J0eaoqKn5BRRHhw8tRef6S84e0kQ6ABYNRGHQNV+GswPl1fV37
+114FTBnz2Bi/GSQSs8vWjw49HHKK5wIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAgEAsjmEXx1dc2bbQHUOZTqfTNZ38/ux
+O4V8uXGcKER7bR7TKP6NYwYmgUqcwA50FJkBQ8wULF2C/tLsp1AyAu3wlhn+yVsP
+zeZL+p/fOzXDhTyz0Ggx19tyol4o2q+bxyd+KS8rrcSvzC9Jz7Wjuhs9/M5r2gWr
+WJydwYbGo4MbAcdPWWJdYRf93vlUqG3Qh3oBnwDntGr0xrBPRBbfcIg+f1c/fnAb
+S94rkrmRCtCGqf09IKjVgnlNhXERM2YLoiLcMIwJCLPU8TWoar+paDBgevqIzMvD
+k+WYc/NuHpwkDv2e7iVuWarB5r7BAB0olu4qOC8jyGeD8vrJgLah8qyW1slOAH9h
+7h0vGQ6+Gjp14ZVWQUwjvnINyX2xUc3gkkQvaons+Ny7xtyu3tOy6v4Ukl/ryT87
+IbgkoCj8T+9whp4PqHBDNUmEicJs18q/VRYa4yTE5hh2ecKaveb++YtdZxwJxZR4
+Le1+GHj4wQJzQR+Hv42G7C444FIx0G266RIMRoNgbroRPN5mNwdiAg2oejB6qWlX
+IOi4+eWbpQk2AM0tvB+eSY/JxHn+5XiVyXiN4hO7ndsAwT7Jj3VNKEjRZyZhTwM9
+YO7FOaKbDLnn4IswCgw2iz916fghgBfKLLcjpe/Y9kJvY1g/Fd77zXMHMPs1Zbv3
+4MleZ146f1S0En0=
+-----END CERTIFICATE-----

test/certificate/pgbackrest-test.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAwzNZDX/VhTA6lALXDZ4AOHv4OQH5wTZipa97XdTrI2TIfMGE
+ffLmv5wzN85pku5HXBuHGJUaUENXt1SsGwdfBx/gZZEA8oONqkrxOoJTrABWIAs5
+k6TTUd+f3Y39rlsyQj076f1sw6Mw9qoCh+JKXDDqw8kGwQHifXdtCrxL9OfV4eq+
+gYKrqdlyFM08WfKxe0Js8bB5cZ4Bt/GC2JhQzQ9bMjYJlxSXIXivP/FFunVT5hZ8
+gsUVAH+/sm8xlQ4sedW7mIBKkjT3tgL0FvchB3XyoZ6Sr0JKVaMOcQjIsTzOqdga
+wgArO541ZwUWHdJH+DODr/gBWXSnnzhHED5DAvRMPdO/t353qS/ihpacTqQ91B4U
+KxK1pVNC84ch3spCLnQncl7kn7RhcdCcb5g4ZfahRmq79QSoMDvN4+7MtyERLXtS
+ttSWiBzQVVj/jcFNDeGeDjKp6Z55xosotMZ3yVajl4IbuQS1pfTLjp7WdJ58y5hQ
++8O/ebjUYIxOo5kZhRZV/jxqoR7Ga9MGbAQ7BPcTuItpfGqiWcdYU+ZdyyFwvpXo
+v6qNoCYt58nj7s+FAbed7EzRHa2Z3RVGkcqv2iX5EddydHmqKip+QUUR4cPLUXn+
+kvOHtJEOgAWDURh0DVfhrMD5dX1d+9deBUwZ89gYvxkkErPL1o8OPRxyiucCAwEA
+AQKCAgA5JquIHElzuW8tLrewMPZ3kzRV3JI3U6kGQZ6pFlHSBwv8Gtyj055js2P7
+jt+yOTmDajvfoqgVn+Hqt0u8jifwehDFK/NPDd1IYrDGJKpCzcZpk1/ELpoAeqzf
+vVbs2Z6ZbjxAggZ6MSmAzr328vY6j8fsksr7b4XUnka6we6rQcWJY6VrXcrM6/FO
+zdhBraDxKb2j9btY3J48MOXSbKYbo8dbqB6esVSeZCtLWWTE9t0dnK/PycwgXUbP
+A2dM8N1svnsyZz1uGTv9elfk8W4mNQ5Y64ie75W8BQWRarT3z4niiHctHceKqQOR
+qheTm6GetdZ0ivQ6MMFzCJMl2lTb4LKPAAP0lsTK+tjbw29D+LKcDY71SYY18gQW
+AygQhlId5Ms7M9vgp6FPKF8fROvPGtOoMPLv+bnHHf3P8fVHT/n6pywtklC0heY6
+2jkYatvihy5WU7OIvfKdQ7dZeD/Y+eYRsXpcTgzVe3DDDVgDB6Wjhk5b+q9KtHsN
+XToXH8MtV4YLwCxcYI6TRXjqq6ma72AvTEpYomDo3WcvkoyOF431WGtwl/Gqu61F
+KEQ1QMVwQAPlg9BGSkCAVWf9Ii4PK1V9p9RS50oj9xzKeDqW/2lVLneRElM+UXUV
++q/gw0Uo6zATr2fJa6J70MqjYpAvcmbSwbp3tmaN7l3MduQ54QKCAQEA/JEmuH9N
+8M16ea/wt/ZbKOflaS8KJfVAmPGJT2JFRzPph7q52Sg2ekDBkKkL3dj/kjjXynk+
+NGNWRSfgUwZjQ7Bz3NfTFAW38AmYCommwZPALFM6mXXtTfZeWkkpptHRWJr6uSoR
+fQlWHqraz7WZrKB2O9o9lN8Lsp5oqYzJ3CvFnImfjn7mR0acG8QIlbbLv5UydAup
+tGd50Je4JTv2BOxKDhF7k6u6luPb9x3Bofjqr5lPZGA8YAwK+8A0JQGkz70k3/2a
+iEmlIYX35qWctYv/Yu9kMIkvGqpUt/+kwgb+HnH960l6olESZhs1j32xnl0uMQcB
+/dKPEudUIIALYwKCAQEAxdqUpNhJLUQfPXv7sH+/nB8rD+X/dRww9YcnoFHGd93q
+iO8mJlQgLLTZvyWBc+M3IKYVcTPrUUlFBSbeajvuSoyBCPZRHuM6ErJX51tYB7mN
+R8W1vUEN9YgdIFJEGREPLvvPVEieSsQ589KzTPq/F4dU1AiQRhnVc7IgwsxAmrCg
+3FJGy3wGqeJ9GoTT+W0iaoZHl7ECaXfUZ+OanE60jma3y1baKivGG9tn6erECFCS
+jklh1b0c7uXJshiOgIxNcKRMNWOGKY7nvydVvH6IDrkmHlxNvhSNnkOffC93yGRA
+XtVBOfhw22zfXaSGBXYucgEWXpI9QqvkozhSv2uTrQKCAQEAz1yhDNNAe5dImgYQ
+vgke+SvDl6NOUrHUUn3kfW+yb244qv5svdUdPSxTf+C65G7YDgZrbUoz/zEb0HWX
+4LKa5yVFSylLnOHBDevij6xKZB5ZpkrDDuHabqr69mehMdyMY5ICjenzJ9R1h4JB
+Wk3AGRI5YJSjAMpLwV/7kFEOHp01hnsbrBOWHyji3I0Le1f0Wpw1Kz+0GnDme5NF
+VhSvvYT+nCRQcIKLFH2JyI7+vmwuyvM1UrUMfNMGZYF9jnCWDxU85EZEDOdiE275
+hL2uNwP1LxZbDNpk+SClo9fZPpAdLYPrtLTEYeXsFDb8t428OchJN2mIggvQ+fVB
+hdl6/wKCAQABn8u8lrHzFy4SeSQVzNar122pEcBJG9QjD9r5a/JvJXk5ao0rn2Es
+PMfU09/+LY1UTUi7xytVXX6djjYhNSC9p+2fPzZnRIJDiQdDtPJCDfnk7vCQ/ym4
+LEfg7gv1ELjJL/QBwx7ZikbXg5FJPn23GbtOikt0591it8GhF8AoBO8tH9fI79m2
+J0/TmeeLkqPHsBaCXkegygUKXUn1oofE637ywmHEGtvjeqedufml/9NUK7IL6SOF
+qok/VwhEceJo3FBr18dQLAYnAZGonHlNdaOkeCmDN/P5qqByiok3Met9W87PRQTY
+KEqlICahgNjcwrmGSTkLhRG5bUrwm1d5AoIBAAxE6SBTn9gmqJhJWRD+8eQGvnAu
+CSgg/YTF3Hp2HTFCTa1tRa/b+ZXsj7hjhl6txB0FpulqXo+LSq2cKqzgKguz8XVQ
+rdDLsFdMWZHoN3qLXR6gKGosV0QGCCbiBpSpcrgvtm5sV6MyyExtbVb8a86QC0Gd
+HIDUfQfyaymM35OoVXRvZtnCb6MDwZryoK6F4HfB9Gme9CvdKvdzAOSjGhvnCKHU
+O31qnBui9odatFyoFc1/9xDOe2vgPsPLd929xFCz9vA7j1tf7TzLmhY38ynhWaor
+MyjIeM1oEZzhIdMSxt3kCp8vDykUP1caXc92g7jyyVwC1l03HzvXNHkTFSQ=
+-----END RSA PRIVATE KEY-----

test/container.yaml

@@ -13,8 +13,8 @@
 # - docker tag pgbackrest/test:{vm}-base pgbackrest/test:{vm}-base-YYYYMMDDA
 # - docker push pgbackrest/test:{vm}-base-YYYYMMDDA
 # **********************************************************************************************************************************
-20181108A:
-  u18: 06d378758d6e2f797457578039201a27c9344979
-  co6: ea59b548f8590edf6873f6c1b32d6a232bf7e1ee
-  co7: 7ce2337eeddd433b6ca9400a9c99ce444981c938
-  u12: 60f8591b9dd33a25720d3eefe3e9f39bf2884bc4
+20181121A:
+  u18: e62cd73d8e20f0bc25a1b3c4fd2bd3520ee196b3
+  co6: a7836f34b8053bc7656676c0b188b1893bc41186
+  co7: 72b99963f7bdf7b1b9d617239149d9c583819887
+  u12: d36f0ea1ff557524bc80e02d2a25daf287ebce64

test/lib/pgBackRestTest/Common/ContainerTest.pm

@@ -130,7 +130,7 @@ sub containerWrite
     $strScript =
         "# ${strTitle} Container\n" .
         "FROM ${strImageParent}" .
-        (defined($strCopy) ? "\n\n${strCopy}\n\n" : '') .
+        (defined($strCopy) ? "\n\n${strCopy}" : '') .
         (defined($strScript) && $strScript ne ''?
             "\n\nRUN echo '" . (CONTAINER_DEBUG ? 'DEBUG' : 'OPTIMIZED') . " BUILD'" . $strScript : '');
 
@@ -259,7 +259,9 @@ sub sshSetup
 ####################################################################################################################################
 sub certSetup
 {
-    return
+    my $strOS = shift;
+
+    my $strScript =
         sectionHeader() .
         "# Generate fake certs\n" .
         "    mkdir -p -m 755 /etc/fake-cert && \\\n" .
@@ -272,7 +274,34 @@ sub certSetup
         "        -subj \"/C=US/ST=Country/L=City/O=Organization/CN=*.pgbackrest.org\" && \\\n" .
         "    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 99999 \\\n" .
         "        -sha256 && \\\n" .
-        "    chmod 644 /etc/fake-cert/*";
+        "    chmod 644 /etc/fake-cert/* && \\\n";
+
+    my $rhVm = vmGet();
+
+    if ($rhVm->{$strOS}{&VM_OS_BASE} eq VM_OS_BASE_RHEL)
+    {
+        if ($strOS eq VM_CO6)
+        {
+            $strScript .=
+                "    update-ca-trust enable && \\\n";
+        }
+
+        $strScript .=
+            "    cp /etc/fake-cert/pgbackrest-test-ca.crt /etc/pki/ca-trust/source/anchors && \\\n" .
+            "    update-ca-trust extract";
+    }
+    elsif ($rhVm->{$strOS}{&VM_OS_BASE} eq VM_OS_BASE_DEBIAN)
+    {
+        $strScript .=
+            "    cp /etc/fake-cert/pgbackrest-test-ca.crt /usr/local/share/ca-certificates && \\\n" .
+            "    update-ca-certificates";
+    }
+    else
+    {
+        confess &log(ERROR, "unable to install certificate for $rhVm->{$strOS}{&VM_OS_BASE}");
+    }
+
+    return $strScript;
 }
 
 ####################################################################################################################################
@@ -478,7 +507,18 @@ sub containerBuild
         }
 
         #---------------------------------------------------------------------------------------------------------------------------
-        $strScript .= certSetup();
+        my $strCertPath = 'test/certificate';
+        my $strCertName = 'pgbackrest-test';
+
+        $strCopy = '# Copy Test Certificates';
+
+        foreach my $strFile ('-ca.crt', '.crt', '.key')
+        {
+            $oStorageDocker->copy("${strCertPath}/${strCertName}${strFile}", "${strTempPath}/${strCertName}${strFile}");
+            $strCopy .= "\nCOPY ${strCertName}${strFile} " . CERT_FAKE_PATH . "/${strCertName}${strFile}";
+        }
+
+        $strScript .= certSetup($strOS);
 
         #---------------------------------------------------------------------------------------------------------------------------
         if (!$bDeprecated)
@@ -629,7 +669,7 @@ sub containerBuild
 
         $strScript .= entryPointSetup($strOS);
 
-        containerWrite($oStorageDocker, $strTempPath, $strOS, 'Build', $strImageParent, $strImage, $strCopy,$strScript, $bVmForce);
+        containerWrite($oStorageDocker, $strTempPath, $strOS, 'Build', $strImageParent, $strImage, $strCopy, $strScript, $bVmForce);
 
         # Copy Devel::Cover to host so it can be installed in other containers (if it doesn't already exist)
         if ($bPkgDevelCoverBuild)