This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new bbe91a0 Add addreess checks to cert selection test.
bbe91a0 is described below
commit bbe91a0fe80b23da8369b114ba947c40b0cb8c42
Author: Susan Hinrichs <[email protected]>
AuthorDate: Fri Jan 4 15:05:20 2019 +0000
Add address checks to cert selection test.
---
.../tls/tls_check_cert_selection.test.py | 28 +++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/tests/gold_tests/tls/tls_check_cert_selection.test.py
b/tests/gold_tests/tls/tls_check_cert_selection.test.py
index 01684d6..b029af5 100644
--- a/tests/gold_tests/tls/tls_check_cert_selection.test.py
+++ b/tests/gold_tests/tls/tls_check_cert_selection.test.py
@@ -51,7 +51,7 @@ ts.Disk.remap_config.AddLine(
'map / https://foo.com:{1}'.format(ts.Variables.ssl_port,
server.Variables.Port))
ts.Disk.ssl_multicert_config.AddLines([
- 'ssl_cert_name=signed-foo.pem ssl_key_name=signed-foo.key',
+ 'dest_ip=127.0.0.1 ssl_cert_name=signed-foo.pem
ssl_key_name=signed-foo.key',
'ssl_cert_name=signed2-bar.pem ssl_key_name=signed-bar.key',
'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
])
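Review bot: The new `dest_ip=127.0.0.1` entry changes which certificate is the fallback for a client whose SNI matches nothing, but no comment in the test says so. A comment above the `AddLines` call would help, for example `# foo is pinned to 127.0.0.1 so a connection with an unmatched SNI to that address gets foo.com; dest_ip=* stays the default for other addresses`. Every curl invocation visible in this diff resolves to 127.0.0.1, so the `dest_ip=*` entry appears to be reached only through an SNI match and never as an address fallback; that gap is worth recording in the same comment.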
@@ -104,3 +104,29 @@ tr2.Processes.Default.Streams.All +=
Testers.ExcludesExpression(" CN=bar.com", "
tr.Processes.Default.Streams.All += Testers.ContainsExpression(" HTTP/2 404",
"Should make an exchange")
tr2.TimeOut = 5
+# Should receive random.server.com
+tr2 = Test.AddTestRun("random.server.com cert")
+tr2.Processes.Default.Command = "curl -v -k --resolve
'random.server.com:{0}:127.0.0.1'
https://random.server.com:{0}".format(ts.Variables.ssl_port)
+tr2.ReturnCode = 0
+tr2.StillRunningAfter = server
+tr2.Processes.Default.TimeOut = 5
+tr2.StillRunningAfter = ts
+tr2.Processes.Default.Streams.All = Testers.ExcludesExpression("Could Not
Connect", "Curl attempt should have succeeded")
+tr2.Processes.Default.Streams.All += Testers.ContainsExpression("
CN=random.server.com", "Cert should contain random.server.com")
+tr2.Processes.Default.Streams.All += Testers.ExcludesExpression(" CN=foo.com",
"Cert should not contain foo.com")
+tr2.Processes.Default.Streams.All += Testers.ExcludesExpression(" CN=bar.com",
"Cert should not contain bar.com")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(" HTTP/2 404",
"Should make an exchange")
+
+# No SNI match should match specific IP address, foo.com
+# SNI name and returned cert name will not match, so must use -k to avoid cert
verification
+tr2 = Test.AddTestRun("Bad SNI")
+tr2.Processes.Default.Command = "curl -v -k --cacert signer.pem --resolve
'bad.sni.com:{0}:127.0.0.1'
https://bad.sni.com:{0}".format(ts.Variables.ssl_port)
+tr2.ReturnCode = 0
+tr2.StillRunningAfter = server
+tr2.Processes.Default.TimeOut = 5
+tr2.StillRunningAfter = ts
+tr2.Processes.Default.Streams.All = Testers.ExcludesExpression("Could Not
Connect", "Curl attempt should have succeeded")
+tr2.Processes.Default.Streams.All += Testers.ContainsExpression(" CN=foo.com",
"Cert should contain foo.com")
+tr2.Processes.Default.Streams.All += Testers.ExcludesExpression(" CN=bar.com",
"Cert should not contain bar.com")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(" HTTP/2 404",
"Should make an exchange")
+
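Review bot: The last assertion of both added runs ("random.server.com cert" and "Bad SNI") is appended to `tr`, not `tr2`, so neither new run checks that an HTTP exchange actually took place. `tr` is defined outside this hunk and presumably names an earlier run, which just collects the same expectation again. Both lines should read `tr2.Processes.Default.Streams.All += Testers.ContainsExpression(" HTTP/2 404", "Should make an exchange")`; the context line above the additions has the same pattern and could be fixed in the same pass. In the "Bad SNI" command `-k` turns off certificate verification, so `--cacert signer.pem` has no effect and can be dropped to make clear that the run relies only on the CN text in curl's verbose output. Giving each run its own variable name instead of rebinding `tr2` would make this kind of copy-paste slip easier to spot.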