Documentation
¶
Overview ¶
Package certtest provides throwaway self-signed certificate material for tests. It is the test-support companion to httpx's CA-pinning surface (CATransport and the caCertPool builder it wraps): a consumer that pins a private or self-signed CA needs a valid CA certificate to exercise its wiring, and hand-rolling the crypto/x509 dance in every such test is error-prone boilerplate.
The generated certificate is a minimal ECDSA CA valid for one hour. It is meant to be parsed and loaded into a pool (or fed to CATransport), never to secure a real production connection.
This lives in its own package rather than in httpx so the certificate-generation code is never linked into a consumer's production binary: it is reachable only from the _test.go files that import it, the same way the standard library ships net/http/httptest alongside net/http.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SelfSignedCA ¶
SelfSignedCA generates a throwaway self-signed CA certificate and returns it PEM-encoded. Use it to build an x509.CertPool or an httpx.CATransport in tests without touching disk or the system trust store. A fresh key is generated on every call, so certificates from separate calls are distinct and mutually untrusted (handy for asserting that a pin is actually enforced). It fails the test via tb.Fatalf on any crypto error.
func WriteSelfSignedCA ¶
WriteSelfSignedCA generates a throwaway self-signed CA certificate (see SelfSignedCA), writes it PEM-encoded to a "ca.pem" file under tb.TempDir(), and returns the path. Use it for code under test that reads a CA from a file path (for example a PLEX_CA_CERT_PATH-style setting) rather than from bytes. The file is created mode 0o600 and is removed with the test's temp dir.
Types ¶
This section is empty.