Mercurial > hg > nginx-tests
comparison ssl_certificate_chain.t @ 1815:173c9b792c2c
Tests: fixed hostname verification in ssl_certificate_chain.t.
ssl_certificate_chain.t doesn't supply the hostname expected in a tested
certificate, which causes IO::Socket::SSL to fall back to an IP address
given in PeerAddr. As of IO::Socket::SSL 2.078, verification enabled by
default for such hostnames [1] results in "hostname verification failed"
errors.
To keep tests simple, the IP address is now included in subjectAltName.
[1] https://github.com/noxxi/p5-io-socket-ssl/issues/121
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 15 Dec 2022 21:02:18 +0400 |
parents | dbce8fb5f5f8 |
children | cdcd75657e52 |
comparison
equal
deleted
inserted
replaced
1814:1d88487eafbf | 1815:173c9b792c2c |
---|---|
95 [ myca_policy ] | 95 [ myca_policy ] |
96 commonName = supplied | 96 commonName = supplied |
97 | 97 |
98 [ myca_extensions ] | 98 [ myca_extensions ] |
99 basicConstraints = critical,CA:TRUE | 99 basicConstraints = critical,CA:TRUE |
100 subjectAltName = IP:127.0.0.1 | |
100 EOF | 101 EOF |
101 | 102 |
102 foreach my $name ('root') { | 103 foreach my $name ('root') { |
103 system('openssl req -x509 -new ' | 104 system('openssl req -x509 -new ' |
104 . "-config $d/openssl.conf -subj /CN=$name/ " | 105 . "-config $d/openssl.conf -subj /CN=$name/ " |