Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests: add Schannel-specific tests or disable unsupported ones
Adds Schannel variants of SSLpinning tests that include the option --ssl-revoke-best-effort to ignore certificate revocation check failures which is required due to our custom test CA certificate. Disable the original variants if the Schannel backend is enabled. This is a step to simplify test exclusions for Windows and MinGW.
- Loading branch information
Showing
11 changed files
with
198 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<testcase> | ||
<info> | ||
<keywords> | ||
HTTPS | ||
HTTP GET | ||
PEM certificate | ||
</keywords> | ||
</info> | ||
|
||
# | ||
# Server-side | ||
<reply> | ||
<data> | ||
HTTP/1.1 200 OK | ||
Date: Tue, 09 Nov 2010 14:49:00 GMT | ||
Server: test-server/fake | ||
Content-Length: 7 | ||
|
||
MooMoo | ||
</data> | ||
</reply> | ||
|
||
# | ||
# Client-side | ||
<client> | ||
<features> | ||
SSL | ||
SSLpinning | ||
Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
</server> | ||
<name> | ||
simple HTTPS GET with DER public key pinning (Schannel variant) | ||
</name> | ||
<setenv> | ||
# This test is pointless if we're not using the schannel backend | ||
CURL_SSL_BACKEND=schannel | ||
</setenv> | ||
<command> | ||
--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.der --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER | ||
</command> | ||
# Ensure that we're running on localhost because we're checking the host name | ||
<precheck> | ||
perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );" | ||
</precheck> | ||
</client> | ||
|
||
# | ||
# Verify data after the test has been "shot" | ||
<verify> | ||
<protocol> | ||
GET /%TESTNUMBER HTTP/1.1 | ||
Host: localhost:%HTTPSPORT | ||
User-Agent: curl/%VERSION | ||
Accept: */* | ||
|
||
</protocol> | ||
</verify> | ||
</testcase> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,6 +26,7 @@ MooMoo | |
<features> | ||
SSL | ||
SSLpinning | ||
!Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,6 +26,7 @@ MooMoo | |
<features> | ||
SSL | ||
SSLpinning | ||
!Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,6 +26,7 @@ MooMoo | |
<features> | ||
SSL | ||
SSLpinning | ||
!Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
<testcase> | ||
<info> | ||
<keywords> | ||
HTTPS | ||
HTTP GET | ||
PEM certificate | ||
</keywords> | ||
</info> | ||
|
||
# | ||
# Server-side | ||
<reply> | ||
<data> | ||
HTTP/1.1 200 OK | ||
Date: Tue, 09 Nov 2010 14:49:00 GMT | ||
Server: test-server/fake | ||
Content-Length: 7 | ||
|
||
MooMoo | ||
</data> | ||
</reply> | ||
|
||
# | ||
# Client-side | ||
<client> | ||
<features> | ||
SSL | ||
SSLpinning | ||
Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
</server> | ||
<name> | ||
simple HTTPS GET with PEM public key pinning (Schannel variant) | ||
</name> | ||
<command> | ||
--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.pem --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER | ||
</command> | ||
# Ensure that we're running on localhost because we're checking the host name | ||
<precheck> | ||
perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );" | ||
</precheck> | ||
</client> | ||
|
||
# | ||
# Verify data after the test has been "shot" | ||
<verify> | ||
<protocol> | ||
GET /%TESTNUMBER HTTP/1.1 | ||
Host: localhost:%HTTPSPORT | ||
User-Agent: curl/%VERSION | ||
Accept: */* | ||
|
||
</protocol> | ||
</verify> | ||
</testcase> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
<testcase> | ||
<info> | ||
<keywords> | ||
HTTPS | ||
HTTP GET | ||
PEM certificate | ||
</keywords> | ||
</info> | ||
|
||
# | ||
# Server-side | ||
<reply> | ||
<data> | ||
HTTP/1.1 200 OK | ||
Date: Tue, 09 Nov 2010 14:49:00 GMT | ||
Server: test-server/fake | ||
Content-Length: 7 | ||
|
||
MooMoo | ||
</data> | ||
</reply> | ||
|
||
# | ||
# Client-side | ||
<client> | ||
<features> | ||
SSL | ||
SSLpinning | ||
Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
</server> | ||
<name> | ||
simple HTTPS GET with base64-sha256 public key pinning (Schannel variant) | ||
</name> | ||
<command> | ||
--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//+JYNkp2GTGRgrvZMUkOxbFJQQqYpwNE6toGmBjz00D8= --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER | ||
</command> | ||
# Ensure that we're running on localhost because we're checking the host name | ||
<precheck> | ||
perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );" | ||
</precheck> | ||
</client> | ||
|
||
# | ||
# Verify data after the test has been "shot" | ||
<verify> | ||
<protocol> | ||
GET /%TESTNUMBER HTTP/1.1 | ||
Host: localhost:%HTTPSPORT | ||
User-Agent: curl/%VERSION | ||
Accept: */* | ||
|
||
</protocol> | ||
</verify> | ||
</testcase> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,6 +25,7 @@ MooMoo | |
<client> | ||
<features> | ||
SSL | ||
!Schannel | ||
</features> | ||
<server> | ||
https Server-localhost-sv.pem | ||
|