mirror of
https://github.com/mirror/wget.git
synced 2025-01-27 12:50:13 +08:00
Added new tests for SSL
* tests/Test-https-badcerts.px : New file * tests/Test-https-clientcert.px : New file * tests/Test-https-crl.px : New file * tests/Test-https-weboftrust.px : New file * tests/certs/interca.conf : New file * tests/certs/rootca.conf : New file * tests/certs/test-ca-key.pem : New file Added all new SSL / HTTPS tests to make check Added Test for SSL Web of Trust, accept only if CA chain of trust is intact. Added a test script for client certificate Added Test for crlfile option of wget Added test to make sure that wget doesn't accept expired or invalid certs Some clean up : 1, Removed cause of warnings from perl & other cosmetic changes 2, Fix make -j 4 check such that it passes all tests
This commit is contained in:
parent
0b41c7543a
commit
2a96249469
@ -46,6 +46,7 @@ sub init
|
||||
|
||||
%ssl_params = %sargs;
|
||||
unless (exists($ssl_params{'lhostname'}) &&
|
||||
exists($ssl_params{'sslport'}) &&
|
||||
exists($ssl_params{'ciphers'}) &&
|
||||
exists($ssl_params{'cafile'}) &&
|
||||
exists($ssl_params{'certfile'}) &&
|
||||
@ -57,7 +58,7 @@ sub init
|
||||
sub ssl_setup_conn
|
||||
{
|
||||
$sslsock = IO::Socket::SSL->new(LocalAddr => $ssl_params{'lhostname'},
|
||||
LocalPort => 55443,
|
||||
LocalPort => $ssl_params{'sslport'},
|
||||
Listen => 10,
|
||||
Timeout => 30,
|
||||
ReuseAddr => 1,
|
||||
|
@ -16,6 +16,7 @@ my %ssl_defaults = (
|
||||
_cafile => "certs/test-ca-cert.pem",
|
||||
_ciphers => 'ALL',
|
||||
_lhostname => 'wgettestingserver',
|
||||
_sslport => 55443,
|
||||
);
|
||||
|
||||
{
|
||||
|
@ -20,10 +20,17 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "wgettesterr";
|
||||
my $testhostname = "WgetTestingServer";
|
||||
my $testhostfile = "$cdir/wgethosts";
|
||||
open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
@ -52,9 +59,9 @@ my $cacrt = "$cdir/certs/test-ca-cert.pem";
|
||||
my $cakey = "$cdir/certs/test-ca-key.pem";
|
||||
|
||||
# Prepare expired server certificate
|
||||
my $servercrt = "certs/tmpserver.crt";
|
||||
my $serverkey = "certs/tmpserver.key";
|
||||
my $servercsr = "$cdir/certs/tmpserver.csr";
|
||||
my $servercrt = "certs/tmpserver3.crt";
|
||||
my $serverkey = "certs/tmpserver3.key";
|
||||
my $servercsr = "$cdir/certs/tmpserver3.csr";
|
||||
my $enddate = strftime "%y%m%d%H%M%S%z", localtime(time-86400);
|
||||
my $startdate = strftime "%y%m%d%H%M%S%z", localtime(time+86400);
|
||||
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
|
||||
@ -77,8 +84,9 @@ unless(-e $servercrt && -e $serverkey && $servercheck == 1)
|
||||
}
|
||||
|
||||
# Try Wget using SSL with expired cert. Expect Failure.
|
||||
my $port = 60443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
my $expected_error_code = 5;
|
||||
my %existing_files = (
|
||||
);
|
||||
@ -96,7 +104,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $servercrt,
|
||||
keyfile => $serverkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
if ($sslsock->run() == 0)
|
||||
{
|
||||
exit -1;
|
||||
@ -123,8 +132,9 @@ unless(-e $servercrt && -e $serverkey && $servercheck == 1)
|
||||
|
||||
|
||||
# Retry the test with --no-check-certificate. expect success
|
||||
$port = 50443;
|
||||
$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
$expected_error_code = 5;
|
||||
|
||||
@ -135,7 +145,8 @@ my $retryssl = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $servercrt,
|
||||
keyfile => $serverkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
if ($retryssl->run() == 0)
|
||||
{
|
||||
exit 0;
|
||||
|
@ -19,10 +19,17 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "wgettesterr";
|
||||
my $testhostname = "WgetTestingServer";
|
||||
my $testhostfile = "$cdir/wgethosts";
|
||||
open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
@ -50,8 +57,8 @@ my $cacrt = "$cdir/certs/test-ca-cert.pem";
|
||||
my $cakey = "$cdir/certs/test-ca-key.pem";
|
||||
|
||||
# Prepare server certificate
|
||||
my $servercrt = "certs/tmpserver.crt";
|
||||
my $serverkey = "certs/tmpserver.key";
|
||||
my $servercrt = "certs/tmpserver1.crt";
|
||||
my $serverkey = "certs/tmpserver1.key";
|
||||
my $servercsr = "$cdir/certs/tmpserver.csr";
|
||||
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
|
||||
"$testhostname/emailAddress=servertester";
|
||||
@ -95,10 +102,11 @@ unless(-e $clientcert && -e $clientkey && $clientcheck == 1)
|
||||
}
|
||||
|
||||
# Try Wget using SSL with mismatched client cert & key . Expect error
|
||||
my $port = 51443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert ".
|
||||
" --private-key=$serverkey ".
|
||||
" --ca-certificate=$cacrt".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
my $expected_error_code = 5;
|
||||
my %existing_files = (
|
||||
);
|
||||
@ -116,17 +124,19 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $servercrt,
|
||||
keyfile => $serverkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
if ($sslsock->run() == 0)
|
||||
{
|
||||
exit 0;
|
||||
}
|
||||
|
||||
# Retry wget using SSL with client certificate. Expect success
|
||||
$port = 52443;
|
||||
$cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert".
|
||||
" --private-key=$clientkey ".
|
||||
" --ca-certificate=$cacrt".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
$expected_error_code = 0;
|
||||
|
||||
@ -137,6 +147,7 @@ my $retryssl = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $servercrt,
|
||||
keyfile => $serverkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
exit $retryssl->run();
|
||||
# vim: et ts=4 sw=4
|
||||
|
@ -19,10 +19,17 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "wgettesterr";
|
||||
my $testhostname = "WgetTestingServer";
|
||||
my $testhostfile = "$cdir/wgethosts";
|
||||
open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
@ -51,8 +58,8 @@ my $cacrt = "$cdir/certs/test-ca-cert.pem";
|
||||
my $cakey = "$cdir/certs/test-ca-key.pem";
|
||||
|
||||
# Prepare server certificate
|
||||
my $servercrt = "certs/tmpserver.crt";
|
||||
my $serverkey = "certs/tmpserver.key";
|
||||
my $servercrt = "certs/tmpserver2.crt";
|
||||
my $serverkey = "certs/tmpserver2.key";
|
||||
my $servercsr = "$cdir/certs/tmpserver.csr";
|
||||
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
|
||||
"$testhostname/emailAddress=servertester";
|
||||
@ -74,8 +81,9 @@ unless(-e $servercrt && -e $serverkey && $servercheck == 1)
|
||||
}
|
||||
|
||||
# Try Wget using SSL first without --no-check-certificate. Expect Success.
|
||||
my $port = 62443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
my $expected_error_code = 0;
|
||||
my %existing_files = (
|
||||
);
|
||||
@ -93,7 +101,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $servercrt,
|
||||
keyfile => $serverkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
if ($sslsock->run() != 0)
|
||||
{
|
||||
exit -1;
|
||||
@ -101,7 +110,7 @@ if ($sslsock->run() != 0)
|
||||
|
||||
# Revoke the certificate
|
||||
my $crlfile = "$cdir/certs/servercrl.pem";
|
||||
my $revokecmd = "openssl ca -config $caconf -revoke $servercrt &&
|
||||
my $revokecmd = "openssl ca -config $caconf -revoke $servercrt &&
|
||||
openssl ca -config $caconf -gencrl -keyfile $cakey ".
|
||||
"-cert $cacrt -out $crlfile";
|
||||
|
||||
@ -116,9 +125,10 @@ unless(-e $crlfile)
|
||||
# openssl crl -text -in certs/root.crl.pem
|
||||
|
||||
# Retry the test with CRL. Expect Failure.
|
||||
$port = 53443;
|
||||
$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
|
||||
" --ca-certificate=$cacrt".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
$expected_error_code = 5;
|
||||
|
||||
@ -129,7 +139,8 @@ my $retryssl = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $servercrt,
|
||||
keyfile => $serverkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
if ($retryssl->run() == 0)
|
||||
{
|
||||
exit -1;
|
||||
|
@ -19,6 +19,13 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "WgetTestingServer";
|
||||
@ -27,7 +34,11 @@ open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
close $fh;
|
||||
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
|
||||
my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=PFS --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt";
|
||||
|
||||
my $port = 54443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=PFS".
|
||||
" --ca-certificate=$cdir/certs/test-ca-cert.pem".
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
my $expected_error_code = 0;
|
||||
|
||||
@ -44,7 +55,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
input => \%urls,
|
||||
errcode => $expected_error_code,
|
||||
existing => \%existing_files,
|
||||
output => \%expected_downloaded_files);
|
||||
output => \%expected_downloaded_files,
|
||||
sslport => $port);
|
||||
exit $sslsock->run();
|
||||
|
||||
# vim: et ts=4 sw=4
|
||||
|
@ -19,10 +19,17 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "wgettesterr";
|
||||
my $testhostname = "WgetTestingServer";
|
||||
my $testhostfile = "$cdir/wgethosts";
|
||||
open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
@ -33,10 +40,13 @@ $ENV{'HOSTALIASES'} = "$cdir/wgethosts";
|
||||
my $certfile="tmpsscert.pem";
|
||||
my $keyfile="tmpsskey.pem";
|
||||
my $certsubj="/C=US/ST=CA/L=Mystery Spot/O=Dis/CN=$testhostname/emailAddress=tester";
|
||||
my $sscertcmd="openssl req -x509 -nodes -newkey rsa:4096 -keyout $keyfile -out $certfile -days 365 -subj \"$certsubj\"";
|
||||
my $sscertcmd="openssl req -x509 -nodes -newkey rsa:4096 -keyout $keyfile ".
|
||||
" -out $certfile -days 365 -subj \"$certsubj\"";
|
||||
|
||||
system($sscertcmd);
|
||||
my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ; openssl rsa -noout -modulus -in $keyfile | openssl md5) | uniq|wc -l`;
|
||||
my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ;
|
||||
openssl rsa -noout -modulus -in $keyfile | openssl md5) |
|
||||
uniq|wc -l`;
|
||||
|
||||
# Check if Self signed certificate and key are made correctly.
|
||||
unless(-e $certfile && -e $keyfile && $sscheck == 1)
|
||||
@ -45,7 +55,9 @@ unless(-e $certfile && -e $keyfile && $sscheck == 1)
|
||||
}
|
||||
|
||||
# Try Wget using SSL first without --no-check-certificate. expect error
|
||||
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt";
|
||||
my $port = 56443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/test-ca-cert.pem".
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
my $expected_error_code = 5;
|
||||
my %existing_files = (
|
||||
);
|
||||
@ -63,14 +75,18 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $certfile,
|
||||
keyfile => $keyfile,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
if ($sslsock->run() == 0)
|
||||
{
|
||||
exit 0;
|
||||
}
|
||||
|
||||
# Retry the test with --no-check-certificate. expect success
|
||||
$cmdline = $WgetTest::WGETPATH . " --no-check-certificate --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt";
|
||||
$port = 57443;
|
||||
$cmdline = $WgetTest::WGETPATH . " --no-check-certificate ".
|
||||
" --ca-certificate=$cdir/certs/test-ca-cert.pem".
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
$expected_error_code = 0;
|
||||
|
||||
@ -81,6 +97,7 @@ my $retryssl = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $certfile,
|
||||
keyfile => $keyfile,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
exit $retryssl->run();
|
||||
# vim: et ts=4 sw=4
|
||||
|
@ -19,6 +19,13 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "WgetTestingServer";
|
||||
@ -27,7 +34,11 @@ open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
close $fh;
|
||||
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
|
||||
my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1 --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt";
|
||||
|
||||
my $port = 58443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1".
|
||||
" --ca-certificate=$cdir/certs/test-ca-cert.pem".
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
my $expected_error_code = 0;
|
||||
|
||||
@ -44,7 +55,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
input => \%urls,
|
||||
errcode => $expected_error_code,
|
||||
existing => \%existing_files,
|
||||
output => \%expected_downloaded_files);
|
||||
output => \%expected_downloaded_files,
|
||||
sslport => $port);
|
||||
exit $sslsock->run();
|
||||
|
||||
# vim: et ts=4 sw=4
|
||||
|
@ -19,6 +19,13 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "WgetTestingServer";
|
||||
@ -27,7 +34,11 @@ open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
close $fh;
|
||||
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
|
||||
my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1_1 --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt";
|
||||
|
||||
my $port = 59443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1_1".
|
||||
" --ca-certificate=$cdir/certs/test-ca-cert.pem".
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
my $expected_error_code = 0;
|
||||
|
||||
@ -44,7 +55,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
|
||||
input => \%urls,
|
||||
errcode => $expected_error_code,
|
||||
existing => \%existing_files,
|
||||
output => \%expected_downloaded_files);
|
||||
output => \%expected_downloaded_files,
|
||||
sslport => $port);
|
||||
exit $sslsock->run();
|
||||
|
||||
# vim: et ts=4 sw=4
|
||||
|
@ -19,10 +19,17 @@ my %urls = (
|
||||
},
|
||||
);
|
||||
|
||||
# Skip the test if openssl is not available
|
||||
my $ossl = `openssl version`;
|
||||
unless ($ossl =~ m/OpenSSL 1/)
|
||||
{
|
||||
exit 77;
|
||||
}
|
||||
|
||||
my $cdir = $ENV{'PWD'};
|
||||
|
||||
# HOSTALIASES env variable allows us to create hosts file alias.
|
||||
my $testhostname = "wgettesterr";
|
||||
my $testhostname = "WgetTestingServer";
|
||||
my $testhostfile = "$cdir/wgethosts";
|
||||
open(my $fh, '>', $testhostfile);
|
||||
print $fh "$testhostname 127.0.0.1\n";
|
||||
@ -112,8 +119,9 @@ unless(-e $usrcrt && -e $ikeyfile && $usrcheck == 1)
|
||||
}
|
||||
|
||||
# Try Wget using SSL using certificate signed by intermediate CA. Expect error.
|
||||
my $port = 60443;
|
||||
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/".
|
||||
"test-ca-cert.pem https://$testhostname:55443/somefile.txt";
|
||||
"test-ca-cert.pem https://$testhostname:$port/somefile.txt";
|
||||
my $expected_error_code = 5;
|
||||
my %existing_files = (
|
||||
);
|
||||
@ -138,8 +146,9 @@ if ($sslsock->run() == 0)
|
||||
}
|
||||
|
||||
# Retry the test with --no-check-certificate. expect success
|
||||
$port = 61443;
|
||||
$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/wotca.pem".
|
||||
" https://$testhostname:55443/somefile.txt";
|
||||
" https://$testhostname:$port/somefile.txt";
|
||||
|
||||
$expected_error_code = 0;
|
||||
|
||||
@ -150,6 +159,7 @@ my $retryssl = SSLTest->new(cmdline => $cmdline,
|
||||
output => \%expected_downloaded_files,
|
||||
certfile => $usrcrt,
|
||||
keyfile => $usrkey,
|
||||
lhostname => $testhostname);
|
||||
lhostname => $testhostname,
|
||||
sslport => $port);
|
||||
exit $retryssl->run();
|
||||
# vim: et ts=4 sw=4
|
||||
|
@ -2,14 +2,14 @@
|
||||
default_ca = myca
|
||||
|
||||
[ crl_ext ]
|
||||
issuerAltName=issuer:copy
|
||||
issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ myca ]
|
||||
dir = ./certs/
|
||||
new_certs_dir = $dir
|
||||
unique_subject = no
|
||||
certificate = $dir/interca.crt
|
||||
certificate = $dir/interca.crt
|
||||
database = $dir/certindex
|
||||
private_key = $dir/interca.key
|
||||
serial = $dir/certserial
|
||||
@ -51,7 +51,7 @@ authorityKeyIdentifier=keyid:always
|
||||
authorityInfoAccess = @ocsp_section
|
||||
|
||||
[alt_names]
|
||||
DNS.0 = wgettesterr
|
||||
DNS.0 = WgetTestingServer
|
||||
|
||||
[crl_section]
|
||||
URI.0 = http://intertest.wgettest.org/Bogus.crl
|
||||
|
@ -2,14 +2,14 @@
|
||||
default_ca = myca
|
||||
|
||||
[ crl_ext ]
|
||||
issuerAltName=issuer:copy
|
||||
issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ myca ]
|
||||
dir = ./certs/
|
||||
new_certs_dir = $dir
|
||||
unique_subject = no
|
||||
certificate = $dir/test-ca-cert.pem
|
||||
certificate = $dir/test-ca-cert.pem
|
||||
database = $dir/certindex
|
||||
private_key = $dir/test-ca-key.pem
|
||||
serial = $dir/certserial
|
||||
@ -51,7 +51,7 @@ authorityKeyIdentifier=keyid:always
|
||||
authorityInfoAccess = @ocsp_section
|
||||
|
||||
[alt_names]
|
||||
DNS.0 = wgettesterr
|
||||
DNS.0 = WgetTestingServer
|
||||
|
||||
[crl_section]
|
||||
URI.0 = http://test.wgettest.org/Bogus.crl
|
||||
|
Loading…
Reference in New Issue
Block a user