Stop saving test certificates in your code repos. Start generating them in your tests.
func TestFunc(t *testing.T) {
// Create and write self-signed Certificate and Key to temporary files
cert, key, err := testcerts.GenerateToTempFile("/tmp/")
if err != nil {
// do something
}
defer os.Remove(key)
defer os.Remove(cert)
// Start HTTP Listener with test certificates
err = http.ListenAndServeTLS("127.0.0.1:443", cert, key, someHandler)
if err != nil {
// do something
}
}
For more complex tests, you can also use this package to create a Certificate Authority and a key pair signed by that Certificate Authority for any test domain you want.
func TestFunc(t *testing.T) {
// Generate Certificate Authority
ca := testcerts.NewCA()
go func() {
// Create a signed Certificate and Key for "localhost"
certs, err := ca.NewKeyPair("localhost")
if err != nil {
// do something
}
// Write certificates to a file
err = certs.ToFile("/tmp/cert", "/tmp/key")
if err {
// do something
}
// Start HTTP Listener
err = http.ListenAndServeTLS("localhost:443", "/tmp/cert", "/tmp/key", someHandler)
if err != nil {
// do something
}
}()
// Create a client with the self-signed CA
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: ca.CertPool(),
},
},
}
// Make an HTTPS request
r, _ := client.Get("https://localhost")
}
Simplify your testing, and don't hassle with certificates anymore.
If you find a bug or have an idea for a feature, please open an issue or a pull request.
testcerts is released under the MIT License. See LICENSE for details.