PropertyDamage.Nemesis.CertificateExpiry (PropertyDamage v0.2.0)
Simulate TLS/SSL certificate expiry and validation failures.
Tests how your system handles certificate-related failures, useful for verifying certificate rotation, expiry handling, and TLS error recovery.
Configuration
- :failure_type - Type of certificate failure to simulate:
  - :expired - Certificate has expired
  - :not_yet_valid - Certificate not yet valid (future start date)
  - :wrong_host - Certificate hostname mismatch
  - :self_signed - Untrusted self-signed certificate
  - :revoked - Certificate has been revoked
- :duration_ms - How long the failure persists (default: 5000ms)
- :target - Specific service/endpoint to affect (default: :all)
Usage
This nemesis sets a flag that your adapter should check when making TLS connections:
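
    defmodule MyAdapter do
      alias PropertyDamage.Nemesis.CertificateExpiry

      def connect(host, port) do
        if CertificateExpiry.should_fail?() do
          # Nemesis active: return the simulated failure instead of connecting
          {:error, CertificateExpiry.get_failure()}
        else
          # Example TLS options (an assumption, not from PropertyDamage); peer
          # verification stays on. :public_key.cacerts_get/0 needs OTP 25+.
          opts = [verify: :verify_peer, cacerts: :public_key.cacerts_get()]
          :ssl.connect(host, port, opts)
        end
      end
    end

Example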

    def commands do
      [
        {SecureAPICall, weight: 5},
        {PropertyDamage.Nemesis.CertificateExpiry, weight: 1}
      ]
    end

Testing Behavior
With certificate failures, your system should:
- Detect and report the specific certificate error
- Not proceed with insecure connections
- Retry with backoff for transient issues
- Alert operators for persistent failures
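
One way an adapter can meet these four expectations, shown as an added example that is not part of PropertyDamage or of the original page. The `TLSRetry` module, its constants and the `{:tls_unavailable, reason}` return value are hypothetical; the error map with `:failure_type` follows the `MyAdapter` snippet above.

```elixir
defmodule TLSRetry do
  @moduledoc "Hypothetical helper: bounded, fail-closed retry around a TLS connect."
  require Logger

  # Assumed values. Delays of 500 + 1000 + 2000 + 4000 ms outlast the
  # nemesis default :duration_ms of 5000, so a default fault can clear.
  @max_attempts 5
  @base_delay_ms 500

  # connect_fun is a zero-arity function, for example
  #   fn -> MyAdapter.connect(host, port) end
  def connect(connect_fun, attempt \\ 1) when is_function(connect_fun, 0) do
    case connect_fun.() do
      {:ok, socket} ->
        {:ok, socket}

      {:error, reason} when attempt < @max_attempts ->
        # Report the specific certificate error, then back off exponentially.
        delay = @base_delay_ms * Integer.pow(2, attempt - 1)
        Logger.warning("TLS connect failed (#{describe(reason)}), " <>
                         "attempt #{attempt}, retrying in #{delay}ms")
        Process.sleep(delay)
        connect(connect_fun, attempt + 1)

      {:error, reason} ->
        # Persistent failure: alert operators and fail closed. There is
        # deliberately no fallback to verify: :verify_none or to plaintext.
        Logger.error("TLS connect still failing after #{attempt} attempts: " <>
                       describe(reason))
        {:error, {:tls_unavailable, reason}}
    end
  end

  # Map shape returned by MyAdapter.connect/2 while the nemesis is active.
  defp describe(%{failure_type: type}), do: "certificate #{type}"
  # Any other error term, such as one returned by :ssl.connect/3.
  defp describe(other), do: inspect(other)
end
```

A property test can then assert that no command ever returns `{:ok, socket}` while `CertificateExpiry.active?()` is true.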
Functions
@spec active?() :: boolean()
Check if certificate failure simulation is currently active.

@spec failure_description() :: String.t() | nil
Get a human-readable description of the current failure.

@spec get_failure() :: map() | nil
Get the current certificate failure configuration.
Returns a map with :failure_type and :error that can be used to simulate the appropriate TLS error.

@spec get_ssl_error() :: {:error, term()} | nil
Get the SSL/TLS error tuple for the current failure type.
Useful for returning realistic error tuples from mocked connections.

Check if certificate failure should be simulated.