Sync eng/common directory with azure-sdk-tools for PR 15515#9931
Closed
Sync eng/common directory with azure-sdk-tools for PR 15515#9931
Conversation
Rust's default HTTP stack - reqwest - does not support a self-signed TLS certificate. Instead, we split the CA out while retaining the old dotnet-devcert.crt public key PEM. dotnet-devcert.pfx is still the key pair for the server TLS certificate, but is signed by the separate CA. This should require no code changes to other languages' test-proxy implementations. Relates to Azure/azure-sdk-for-rust#4345
azure-sdk
added
EngSys
Contributor
There was a problem hiding this comment.
Pull request overview
This PR syncs eng/common/testproxy assets from azure-sdk-tools PR 15515, updating the development certificate material and adding a helper script/configuration to regenerate the test-proxy TLS certificate chain used for local and CI test-proxy runs.
Changes:
- Add
rotate.shplus OpenSSL config files (ca.conf, updatedlocalhost.conf) to regenerate the CA + localhost leaf cert and bundle them into a PFX for the test proxy. - Update the committed CA certificate (
dotnet-devcert.crt) and add a committed leaf certificate (localhost.crt). - Add a
testproxy/.gitignoreto avoid committing generated key/CSR/serial artifacts.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| eng/common/testproxy/rotate.sh | New script to generate CA + localhost cert and export a PFX bundle for test proxy usage. |
| eng/common/testproxy/localhost.crt | Adds a checked-in localhost leaf certificate generated by the rotation flow. |
| eng/common/testproxy/localhost.conf | Updates OpenSSL config for the localhost leaf cert (notably CA:false and key usage adjustments). |
| eng/common/testproxy/dotnet-devcert.crt | Replaces the committed CA certificate used for trust/chain. |
| eng/common/testproxy/ca.conf | Adds OpenSSL config for generating the self-signed CA used to sign the leaf cert. |
| eng/common/testproxy/.gitignore | Ignores generated CSR/key/serial files produced during rotation. |
Member
|
Investigating some potential issues in .NET that may exist elsewhere but don't want to keep these open forever. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#15515 See eng/common workflow