From db4e0e08a4962e898537e01bca65d544708eb0e2 Mon Sep 17 00:00:00 2001
From: Adam Wick
Date: Wed, 9 Aug 2023 07:49:49 -0700
Subject: [PATCH] =?UTF-8?q?=F0=9F=8F=9E=20Use=20an=20environment=20variabl?= =?UTF-8?q?e=20to=20muck=20with=20the=20root=20certs=20in=20tests=20(#302)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cli/tests/integration/client_certs.rs | 4 ++++
 lib/src/upstream.rs | 15 ---------------
 2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/cli/tests/integration/client_certs.rs b/cli/tests/integration/client_certs.rs
index 8704f8eb..440d312d 100644
--- a/cli/tests/integration/client_certs.rs
+++ b/cli/tests/integration/client_certs.rs
@@ -130,6 +130,10 @@ fn build_server_tls_config() -> ServerConfig {
 #[tokio::test(flavor = "multi_thread")]
 async fn client_certs_work() -> TestResult {
 // Set up the test harness
+ std::env::set_var(
+ "SSL_CERT_FILE",
+ concat!(env!("CARGO_MANIFEST_DIR"), "/../test-fixtures/data/ca.pem"),
+ );
 let test = Test::using_fixture("mutual-tls.wasm");
 let server_addr: SocketAddr = "127.0.0.1:0".parse().expect("localhost parses");
 let incoming = AddrIncoming::bind(&server_addr).expect("bind");
diff --git a/lib/src/upstream.rs b/lib/src/upstream.rs
index 353d7a90..58e5404f 100644
--- a/lib/src/upstream.rs
+++ b/lib/src/upstream.rs
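Review bot: In cli/tests/integration/client_certs.rs, the `std::env::set_var("SSL_CERT_FILE", …)` call at the top of `client_certs_work` changes the trust store for the whole test process rather than for this one test, and nothing restores it afterwards. With `#[tokio::test(flavor = "multi_thread")]` and a parallel test harness, any other test in the same binary that loads its TLS roots after this point would presumably trust only the fixture CA, and writing the environment while other threads may read it is racy on Unix. I would state that at the call site, e.g. `// SSL_CERT_FILE is process-wide: every TLS client built in this test binary after this line trusts only the fixture CA`, and keep tests that rely on the ambient roots out of this binary or run them serially. The body of `client_certs_work` continues past the end of the hunk.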
@@ -56,21 +56,6 @@ impl TlsConfig {
 warn!("no CA certificates available");
 }

- static TEST_CA_PEM: &[u8] = include_bytes!(concat!(
- env!("CARGO_MANIFEST_DIR"),
- "/../test-fixtures/data/ca.pem"
- ));
- let mut test_ca_cursor = std::io::Cursor::new(TEST_CA_PEM);
- // we're OK with all of the rest of this failing, because it could just be an odd build
- // and this is only used in testing. obviously, if this doesn't work during a testing
- // run, then the test will fail (with an invalid peer certificate), so we're covered on
- // that side.
- if let Ok(certs) = rustls_pemfile::certs(&mut test_ca_cursor) {
- for cert in certs {
- let _ = roots.add(&rustls::Certificate(cert));
- }
- }
-
 let partial_config = rustls::ClientConfig::builder()
 .with_safe_defaults()
 .with_root_certificates(roots);