Sync eng/common directory with azure-sdk-tools for PR 15515#4354
Closed
Sync eng/common directory with azure-sdk-tools for PR 15515#4354
Conversation
Rust's default HTTP stack - reqwest - does not support a self-signed TLS certificate. Instead, we split the CA out while retaining the old dotnet-devcert.crt public key PEM. dotnet-devcert.pfx is still the key pair for the server TLS certificate, but is signed by the separate CA. This should require no code changes to other languages' test-proxy implementations. Relates to #4345
azure-sdk
added
EngSys
Contributor
There was a problem hiding this comment.
Pull request overview
Syncs eng/common/testproxy certificate artifacts and tooling with azure-sdk-tools PR 15515 by introducing an OpenSSL-based certificate rotation flow (CA + leaf cert) for the test proxy’s HTTPS setup.
Changes:
- Added
rotate.shto regenerate a self-signed CA, a localhost leaf cert, and a bundled PFX for Kestrel/test-proxy usage. - Updated certificate/config files to use a CA (
dotnet-devcert.crt) and a non-CA localhost leaf (localhost.crt/localhost.conf). - Added a local
.gitignoreto prevent generated key/CSR/serial artifacts from being committed.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| eng/common/testproxy/rotate.sh | Adds a rotation script to regenerate CA/leaf certs and the PFX bundle for the test proxy. |
| eng/common/testproxy/localhost.crt | Adds the committed localhost leaf certificate. |
| eng/common/testproxy/localhost.conf | Updates OpenSSL config to produce a proper leaf certificate (CA:false) for localhost. |
| eng/common/testproxy/dotnet-devcert.crt | Replaces the committed CA certificate used for trust installation and chaining. |
| eng/common/testproxy/ca.conf | Adds OpenSSL config for generating the self-signed CA cert. |
| eng/common/testproxy/.gitignore | Ignores generated .key, .csr, and .srl artifacts in the testproxy folder. |
Member
|
Investigating some potential issues in .NET that may exist elsewhere but don't want to keep these open forever. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#15515 See eng/common workflow