comparison ssl_verify_client.t @ 1572:f5a3b70c0f2f

Tests: fixed ssl_verify_client.t with LibreSSL. LibreSSL started validating SNI hostnames since 3.2.0: https://github.com/openbsd/src/commit/19d7242.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 01 Jun 2020 14:36:44 +0300
parents dbce8fb5f5f8
children f55d25e08b3e
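--- a/ssl_verify_client.t
+++ b/ssl_verify_client.t
@@ -93,22 +93,22 @@
 ssl_trusted_certificate 3.example.com.crt;
 }
 
 server {
 listen 127.0.0.1:8081 ssl;
-server_name optional_no_ca;
+server_name optional.no.ca;
 
 ssl_certificate_key 1.example.com.key;
 ssl_certificate 1.example.com.crt;
 
 ssl_verify_client optional_no_ca;
 ssl_client_certificate 2.example.com.crt;
 }
 
 server {
 listen 127.0.0.1:8081;
-server_name no_context;
+server_name no.context;
 
 ssl_verify_client on;
 }
 }
 
@@ -140,14 +140,14 @@
 
 ###############################################################################
 
 like(http_get('/t'), qr/x:x/, 'plain connection');
 like(get('on'), qr/400 Bad Request/, 'no cert');
-like(get('no_context'), qr/400 Bad Request/, 'no server cert');
+like(get('no.context'), qr/400 Bad Request/, 'no server cert');
 like(get('optional'), qr/NONE:x/, 'no optional cert');
 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert');
-like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/,
+like(get('optional.no.ca', '1.example.com'), qr/FAILED.*BEGIN/,
 'bad optional_no_ca cert');
 
 like(get('localhost', '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert');
 like(get('optional', '2.example.com'), qr/SUCCESS.*BEGI/, 'good cert optional');
 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted');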
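Review bot: The renamed `server_name` values at lines 98 and 109 have no comment explaining why they must avoid underscores. A later server block named after its `ssl_verify_client` mode, as `optional_no_ca` was, would silently bring the LibreSSL failure back. The constraint is recorded only in the commit message, so I would add above the first renamed block: `# server names double as SNI in get(); keep them valid hostnames (no '_'), LibreSSL >= 3.2.0 rejects others`. That get() sends its first argument as the SNI name is inferred from the commit message, since its body lies outside this section. It would also help to note at line 149 that the label `'bad optional_no_ca cert'` refers to the verification mode rather than the server name, so the mismatch with `get('optional.no.ca', ...)` is not later "fixed" by mistake.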