Adds a regression test for the tls client authentication diff from my last post.
Index: tests/Client.pm
===================================================================
RCS file: /cvs/src/regress/usr.sbin/httpd/tests/Client.pm,v
retrieving revision 1.1
diff -u -p -r1.1 Client.pm
--- tests/Client.pm 16 Jul 2015 16:35:57 -0000 1.1
+++ tests/Client.pm 16 May 2018 08:04:54 -0000
@@ -59,6 +59,11 @@ sub child {
 PeerAddr => $self->{connectaddr},
 PeerPort => $self->{connectport},
 SSL_verify_mode => SSL_VERIFY_NONE,
+ SSL_use_cert => $self->{offertlscert} ? 1 : 0,
+ SSL_cert_file => $self->{offertlscert} ?
+ $self->{chroot}."/client.crt" : "",
+ SSL_key_file => $self->{offertlscert} ?
+ $self->{chroot}."/client.key" : "",
 ) or die ref($self), " $iosocket socket connect failed: $!,$SSL_ERROR";
 print STDERR "connect sock: ",$cs->sockhost()," ",$cs->sockport(),"\n";
 print STDERR "connect peer: ",$cs->peerhost()," ",$cs->peerport(),"\n";
Index: tests/Httpd.pm
===================================================================
RCS file: /cvs/src/regress/usr.sbin/httpd/tests/Httpd.pm,v
retrieving revision 1.2
diff -u -p -r1.2 Httpd.pm
--- tests/Httpd.pm 30 Jan 2017 21:18:24 -0000 1.2
+++ tests/Httpd.pm 16 May 2018 08:04:54 -0000
@@ -72,6 +72,8 @@ sub new {
 print $fh "\n";
 print $fh "\ttls certificate \"".$args{chroot}."/server.crt\"\n";
 print $fh "\ttls key \"".$args{chroot}."/server.key\"";
+ $self->{verifytls}
+ and print $fh "\n\ttls client ca \"".$args{chroot}."/ca.crt\"";
 }
 print $fh "\n\troot \"/\"";
 print $fh "\n\tlog style combined";
Index: tests/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.sbin/httpd/tests/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- tests/Makefile 10 Nov 2017 23:29:09 -0000 1.9
+++ tests/Makefile 16 May 2018 08:04:54 -0000
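Review bot: When `offertlscert` is unset, the added lines in `sub child` still pass `SSL_cert_file => ""` and `SSL_key_file => ""`. The no-certificate case then depends on how the socket class treats an empty path, not on the options being absent. I have not confirmed that an empty string is treated the same as an omitted option, so it would be safer to add the three keys only when a certificate is offered. For example, build `my @cert = $self->{offertlscert} ? (SSL_use_cert => 1, SSL_cert_file => "$self->{chroot}/client.crt", SSL_key_file => "$self->{chroot}/client.key") : ();` before the constructor call and pass `@cert` in the argument list. That also removes the three repeated ternaries on the same condition. The constructor call and the rest of `sub child` start and end outside this hunk.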
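Review bot: The two-line `$self->{verifytls} and print $fh ...` statement in `sub new` reads like a dangling expression, and it tests `$self` while the neighbouring lines read `$args{chroot}`. A postfix form says the same thing more plainly: `print $fh "\n\ttls client ca \"".$args{chroot}."/ca.crt\"" if $self->{verifytls};`. Whether `$self->{verifytls}` is already populated at this point depends on code above the hunk, so that is worth confirming. A short comment such as `# require a client certificate signed by the test CA` would record why the directive is emitted.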
@@ -77,10 +77,16 @@ ca.crt:
 server.req:
 openssl req -batch -new -subj /L=OpenBSD/O=httpd-regress/OU=server/CN=localhost/ -nodes -newkey rsa -keyout server.key -out server.req
+client.req:
+ openssl req -batch -new -subj /L=OpenBSD/O=httpd-regress/OU=client/CN=localhost/ -nodes -newkey rsa -keyout client.key -out $@
+
 server.crt: ca.crt server.req
 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt -req -in server.req -out server.crt
-${REGRESS_TARGETS:M*tls*} ${REGRESS_TARGETS:M*https*}: server.crt
+client.crt: ca.crt client.req
+ openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt -req -in client.req -out $@
+
+${REGRESS_TARGETS:M*tls*} ${REGRESS_TARGETS:M*https*}: server.crt client.crt
 # make perl syntax check for all args files
Index: tests/args-tls-verify.pl
===================================================================
RCS file: tests/args-tls-verify.pl
diff -N tests/args-tls-verify.pl
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ tests/args-tls-verify.pl 16 May 2018 08:04:54 -0000
@@ -0,0 +1,20 @@
+# test https connection, verifying client cert
+
+use strict;
+use warnings;
+
+our %args = (
+ client => {
+ tls => 1,
+ offertlscert => 1,
+ loggrep => 'Issuer.*/OU=ca/',
+ },
+ httpd => {
+ listentls => 1,
+ verifytls => 1,
+ },
+ len => 512,
+ md5 => path_md5("512")
+);
+
+1;
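Review bot: The new `client.req` rule uses `-newkey rsa` with no bit length, so the client key size comes from whatever default the installed openssl and its config supply. Pinning it, e.g. `-newkey rsa:2048`, keeps the test material the same across hosts; the existing `server.req` rule has the same form. The hunk also adds three generated files, `client.key`, `client.req` and `client.crt`. The clean list is outside this hunk, so if it names files individually these need adding, otherwise a stale unencrypted key stays in the test directory. Both `x509` rules pass `-CAcreateserial` against the same CA, which could race on the serial file under a parallel make.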
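Review bot: This args file covers only the accepting path: a client that presents a certificate signed by the test CA connects and fetches the document. Nothing in the diff checks that httpd refuses a client with no certificate, or one signed by an untrusted CA, once `verifytls` is set, and that refusal is the property client authentication exists to enforce. The only assertion, `loggrep => 'Issuer.*/OU=ca/'`, sits under `client`, so it presumably matches the server certificate as printed in the client log rather than anything httpd logged about the client. A companion args file with `verifytls => 1` and `offertlscert` unset, expected to fail the connect, would close that gap; whether the harness can express an expected failure is not visible here. A header comment such as `# positive path only: client cert is signed by ca.crt` would make the current scope explicit.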