Mercurial > hg > nginx-tests
comparison ssl_certificate_chain.t @ 1815:173c9b792c2c
Tests: fixed hostname verification in ssl_certificate_chain.t.
ssl_certificate_chain.t doesn't supply the hostname expected in a tested
certificate, which causes IO::Socket::SSL to fall back to an IP address
given in PeerAddr. As of IO::Socket::SSL 2.078, verification enabled by
default for such hostnames [1] results in "hostname verification failed"
errors.
To keep tests simple, the IP address is now included in subjectAltName.
[1] https://github.com/noxxi/p5-io-socket-ssl/issues/121
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 15 Dec 2022 21:02:18 +0400 |
| parents | dbce8fb5f5f8 |
| children | cdcd75657e52 |
comparison
equal
deleted
inserted
replaced
| 1814:1d88487eafbf | 1815:173c9b792c2c |
|---|---|
| 95 [ myca_policy ] | 95 [ myca_policy ] |
| 96 commonName = supplied | 96 commonName = supplied |
| 97 | 97 |
| 98 [ myca_extensions ] | 98 [ myca_extensions ] |
| 99 basicConstraints = critical,CA:TRUE | 99 basicConstraints = critical,CA:TRUE |
| 100 subjectAltName = IP:127.0.0.1 | |
| 100 EOF | 101 EOF |
| 101 | 102 |
| 102 foreach my $name ('root') { | 103 foreach my $name ('root') { |
| 103 system('openssl req -x509 -new ' | 104 system('openssl req -x509 -new ' |
| 104 . "-config $d/openssl.conf -subj /CN=$name/ " | 105 . "-config $d/openssl.conf -subj /CN=$name/ " |