Mercurial > hg > nginx-tests
comparison ssl_verify_client.t @ 1572:f5a3b70c0f2f
Tests: fixed ssl_verify_client.t with LibreSSL.
LibreSSL started validating SNI hostnames since 3.2.0:
https://github.com/openbsd/src/commit/19d7242.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 01 Jun 2020 14:36:44 +0300 |
parents | dbce8fb5f5f8 |
children | f55d25e08b3e |
comparison
equal
deleted
inserted
replaced
1571:1b4ceab9cb1c | 1572:f5a3b70c0f2f |
---|---|
93 ssl_trusted_certificate 3.example.com.crt; | 93 ssl_trusted_certificate 3.example.com.crt; |
94 } | 94 } |
95 | 95 |
96 server { | 96 server { |
97 listen 127.0.0.1:8081 ssl; | 97 listen 127.0.0.1:8081 ssl; |
98 server_name optional_no_ca; | 98 server_name optional.no.ca; |
99 | 99 |
100 ssl_certificate_key 1.example.com.key; | 100 ssl_certificate_key 1.example.com.key; |
101 ssl_certificate 1.example.com.crt; | 101 ssl_certificate 1.example.com.crt; |
102 | 102 |
103 ssl_verify_client optional_no_ca; | 103 ssl_verify_client optional_no_ca; |
104 ssl_client_certificate 2.example.com.crt; | 104 ssl_client_certificate 2.example.com.crt; |
105 } | 105 } |
106 | 106 |
107 server { | 107 server { |
108 listen 127.0.0.1:8081; | 108 listen 127.0.0.1:8081; |
109 server_name no_context; | 109 server_name no.context; |
110 | 110 |
111 ssl_verify_client on; | 111 ssl_verify_client on; |
112 } | 112 } |
113 } | 113 } |
114 | 114 |
140 | 140 |
141 ############################################################################### | 141 ############################################################################### |
142 | 142 |
143 like(http_get('/t'), qr/x:x/, 'plain connection'); | 143 like(http_get('/t'), qr/x:x/, 'plain connection'); |
144 like(get('on'), qr/400 Bad Request/, 'no cert'); | 144 like(get('on'), qr/400 Bad Request/, 'no cert'); |
145 like(get('no_context'), qr/400 Bad Request/, 'no server cert'); | 145 like(get('no.context'), qr/400 Bad Request/, 'no server cert'); |
146 like(get('optional'), qr/NONE:x/, 'no optional cert'); | 146 like(get('optional'), qr/NONE:x/, 'no optional cert'); |
147 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); | 147 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); |
148 like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/, | 148 like(get('optional.no.ca', '1.example.com'), qr/FAILED.*BEGIN/, |
149 'bad optional_no_ca cert'); | 149 'bad optional_no_ca cert'); |
150 | 150 |
151 like(get('localhost', '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert'); | 151 like(get('localhost', '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert'); |
152 like(get('optional', '2.example.com'), qr/SUCCESS.*BEGI/, 'good cert optional'); | 152 like(get('optional', '2.example.com'), qr/SUCCESS.*BEGI/, 'good cert optional'); |
153 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); | 153 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); |