Select single-name SSL certificate for test servers using host network

On Windows and macOS, the containers are deployed into a virtual
machine using the host network. All the containers share the same
hostname (qt-test-server), and they are connected to the same network
domain (local).

When running test in such platforms, use the single-name SSL certificate
(qt-test-server.local) for SSL related tests.

Change-Id: Idf33e01e8dd8814510d848b87b59b5fc0edc903e
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>

7 files changed, 56 insertions, 6 deletions

diff --git a/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem
new file mode 100644
index 0000000000..5bdce3a3f9
--- /dev/null
+++ b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC
+UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v
+Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE
+BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1
+NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD
+b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL
+BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD
+ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6
+2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR
+9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG
+9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2
+FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU
+G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg==
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
index 61f0f70ea7..0d6828797a 100644
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@@ -550,8 +550,15 @@ static void setupSslServer(QSslSocket* serverSocket)
 }
 
 #ifdef QT_TEST_SERVER
+#ifdef QT_TEST_SERVER_NAME
+// In this case, each server is assigned a unique hostname. Use the wildcard SSL
+// certificate (*.test-net.qt.local).
 const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-net-cacert.pem";
 #else
+// Otherwise, select the single-name SSL certificate (qt-test-server.local) instead.
+const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-host-network-cacert.pem";
+#endif // QT_TEST_SERVER_NAME
+#else
 const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-cacert.pem";
 #endif
 
diff --git a/tests/auto/testserver.pri b/tests/auto/testserver.pri
index 0042571115..54c8b51d49 100644
--- a/tests/auto/testserver.pri
+++ b/tests/auto/testserver.pri
@@ -62,7 +62,19 @@ isEmpty(TESTSERVER_VERSION) {
     # Make check with server "qt-test-server.qt-test-net" as a fallback
 } else {
     # Make check with docker test servers
-    DNSDOMAIN = test-net.qt.local
+    equals(QMAKE_HOST.os, Linux) {
+        # For the platform supporting docker bridge network, each container is
+        # assigned a unique hostname and connected to the same network domain
+        # to communicate with the others.
+        DEFINES += QT_TEST_SERVER_NAME
+        DNSDOMAIN = test-net.qt.local
+    } else {
+        # For the others, the containers are deployed into a virtual machine
+        # using the host network. All the containers share the same hostname of
+        # the virtual machine, and they are connected to the same network domain.
+        # NOTE: In Windows, Apple Bonjour only works within a single local domain.
+        DNSDOMAIN = local
+    }
 
     equals(QMAKE_HOST.os, Darwin) {
         # There is no docker bridge on macOS. It is impossible to ping a container.
@@ -86,9 +98,6 @@ isEmpty(TESTSERVER_VERSION) {
         TESTSERVER_COMPOSE_FILE = \
             $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose-for-windows.yml
 
-        # Bonjour only works within a single broadcast domain.
-        DNSDOMAIN = local
-
         # The connection configuration for the target machine
         MACHINE_CONFIG = (docker-machine config qt-test-server)
 
@@ -104,7 +113,6 @@ isEmpty(TESTSERVER_VERSION) {
         CONFIG += PowerShell
     } else {
         TESTSERVER_COMPOSE_FILE = $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose.yml
-        DEFINES += QT_TEST_SERVER_NAME
 
         # The environment variables passed to the docker-compose file
         TEST_ENV = 'TEST_DOMAIN=$$DNSDOMAIN'
diff --git a/tests/testserver/common/ssl.sh b/tests/testserver/common/ssl.sh
index 8a4728ad4d..2593a22979 100755
--- a/tests/testserver/common/ssl.sh
+++ b/tests/testserver/common/ssl.sh
@@ -35,5 +35,6 @@ set -ex
 
 # install ssl_certs and test data
 su $USER -c "mkdir -p -m 700 ~/ssl-certs/private"
-su $USER -c "cp $CONFIG/ssl/qt-test-server-cert.pem ~/ssl-certs/"
+su $USER -c \
+    "cp $CONFIG/ssl/${test_cert:-qt-test-server-cert.pem} ~/ssl-certs/qt-test-server-cert.pem"
 su $USER -c "cp $CONFIG/ssl/private/qt-test-server-key.pem ~/ssl-certs/private/"
diff --git a/tests/testserver/common/testdata/ssl/qt-test-server-host-network-cacert.pem b/tests/testserver/common/testdata/ssl/qt-test-server-host-network-cacert.pem
new file mode 100644
index 0000000000..5bdce3a3f9
--- /dev/null
+++ b/tests/testserver/common/testdata/ssl/qt-test-server-host-network-cacert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC
+UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v
+Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE
+BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1
+NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD
+b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL
+BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD
+ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6
+2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR
+9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG
+9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2
+FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU
+G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg==
+-----END CERTIFICATE-----
diff --git a/tests/testserver/docker-compose-for-macOS.yml b/tests/testserver/docker-compose-for-macOS.yml
index bbd1f71a62..aa610dfb88 100644
--- a/tests/testserver/docker-compose-for-macOS.yml
+++ b/tests/testserver/docker-compose-for-macOS.yml
@@ -25,6 +25,7 @@ services:
             - "qt-test-server.${TEST_DOMAIN}:${MACHINE_IP}"
         environment:
             - test_domain=${TEST_DOMAIN}
+            - test_cert="qt-test-server-host-network-cacert.pem"
 
     squid:
         image: qt-test-server-squid:9c32f41b19aca3d778733c4d8fb0ecc5955e893c
diff --git a/tests/testserver/docker-compose-for-windows.yml b/tests/testserver/docker-compose-for-windows.yml
index bbd1f71a62..aa610dfb88 100644
--- a/tests/testserver/docker-compose-for-windows.yml
+++ b/tests/testserver/docker-compose-for-windows.yml
@@ -25,6 +25,7 @@ services:
             - "qt-test-server.${TEST_DOMAIN}:${MACHINE_IP}"
         environment:
             - test_domain=${TEST_DOMAIN}
+            - test_cert="qt-test-server-host-network-cacert.pem"
 
     squid:
         image: qt-test-server-squid:9c32f41b19aca3d778733c4d8fb0ecc5955e893c