From 3543fc6cb7540a3c232e5b8d35d3c5593193b779 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sat, 6 Nov 2021 12:53:25 +0100 Subject: [PATCH] tests: add Schannel-specific tests or disable unsupported ones Adds Schannel variants of SSLpinning tests that include the option --ssl-revoke-best-effort to ignore certificate revocation check failures which is required due to our custom test CA certificate. Disable the original variants if the Schannel backend is enabled. This is a step to simplify test exclusions for Windows and MinGW. --- .azure-pipelines.yml | 20 +++++++------- .cirrus.yml | 8 +++--- tests/data/Makefile.inc | 10 +++---- tests/data/test2033 | 61 +++++++++++++++++++++++++++++++++++++++++ tests/data/test2034 | 1 + tests/data/test2037 | 1 + tests/data/test2041 | 1 + tests/data/test2070 | 2 +- tests/data/test2079 | 57 ++++++++++++++++++++++++++++++++++++++ tests/data/test2087 | 57 ++++++++++++++++++++++++++++++++++++++ tests/data/test310 | 1 + 11 files changed, 198 insertions(+), 21 deletions(-) create mode 100644 tests/data/test2033 create mode 100644 tests/data/test2079 create mode 100644 tests/data/test2087 diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 52e69c8d25b864..1ec9433adb43de 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml 
@@ -121,64 +121,64 @@ stages: container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --with-libssh2 --with-openssl - tests: ~571 ~612 ~1056 ~1299 + tests: ~571 ~612 ~1056 msys2_mingw64_debug_openssl: name: 64-bit OpenSSL/libssh2 container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --with-libssh2 --with-openssl - tests: ~571 ~612 ~1056 ~1299 + tests: ~571 ~612 ~1056 msys1_mingw_debug: name: 32-bit (legacy) container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw:ltsc2019 container_cmd: C:\MinGW\msys\1.0\bin\sh configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --without-ssl - tests: ~203 ~1056 ~1143 + tests: ~203 ~1056 !1143 msys1_mingw32_debug: name: 32-bit w/o zlib container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw32:ltsc2019 container_cmd: C:\MinGW\msys\1.0\bin\sh configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --without-zlib --without-ssl - tests: ~203 ~1056 ~1143 ~1299 + tests: ~203 ~1056 !1143 msys1_mingw64_debug: name: 64-bit w/o zlib container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw64:ltsc2019 container_cmd: C:\MinGW\msys\1.0\bin\sh configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --without-zlib --without-ssl - tests: ~203 ~1056 ~1143 ~1299 + tests: ~203 ~1056 !1143 msys2_mingw32_debug_schannel: name: 32-bit Schannel/SSPI/WinIDN/libssh2 container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 
container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 + tests: ~165 ~571 ~612 ~1056 ~1448 ~2046 ~2047 ~3000 ~3001 msys2_mingw64_debug_schannel: name: 64-bit Schannel/SSPI/WinIDN/libssh2 container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 + tests: ~165 ~571 ~612 ~1056 ~1448 ~2046 ~2047 ~3000 ~3001 msys1_mingw_debug_schannel: name: 32-bit Schannel/SSPI/WinIDN (legacy) container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw:ltsc2019 container_cmd: C:\MinGW\msys\1.0\bin\sh configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --enable-sspi --with-schannel --with-winidn - tests: ~203 ~305 ~310 ~311 ~312 ~313 ~404 ~1056 ~1143 ~2034 ~2035 ~2037 ~2038 ~2041 ~2042 ~2048 ~3000 ~3001 + tests: ~203 !305 !311 !312 !313 !404 ~1056 !1143 !2033 !2035 !2038 !2041 !2042 !2048 !2070 !2079 !2087 !3000 !3001 msys1_mingw32_debug_schannel: name: 32-bit Schannel/SSPI/WinIDN w/o zlib container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw32:ltsc2019 container_cmd: C:\MinGW\msys\1.0\bin\sh configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib - tests: ~203 ~310 ~1056 ~1143 ~1299 ~2034 
~2037 ~2041 ~3000 ~3001 + tests: ~203 ~1056 !1143 ~3000 ~3001 msys1_mingw64_debug_schannel: name: 64-bit Schannel/SSPI/WinIDN w/o zlib container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw64:ltsc2019 container_cmd: C:\MinGW\msys\1.0\bin\sh configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib - tests: ~203 ~310 ~1056 ~1143 ~1299 ~2034 ~2037 ~2041 ~3000 ~3001 + tests: ~203 ~1056 !1143 ~3000 ~3001 container: image: $(container_img) env: diff --git a/.cirrus.yml b/.cirrus.yml index 587e0ae948bd8a..bc23bb6605742d 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -85,14 +85,14 @@ windows_task: container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 + tests: ~165 ~571 ~612 ~1056 ~1448 ~2046 ~2047 ~3000 ~3001 - name: Windows 32-bit static/release Schannel/SSPI/WinIDN/libssh2 env: container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 + tests: ~165 ~571 ~612 ~1056 ~1448 ~2046 ~2047 ~3000 ~3001 curl_LDFLAGS: -all-static PKG_CONFIG: pkg-config --static - name: Windows 64-bit shared/release Schannel/SSPI/WinIDN/libssh2 
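Review bot: The msys1 jobs' `tests:` lists switch from `~N` to `!N` without any comment explaining why, most visibly in `msys1_mingw_debug_schannel` (`!305 !311 !312 !313 !404 … !2035 !2038 !2042 !2048 !3000 !3001`). As far as I know, runtests treats `~N` as "run but ignore the result" and `!N` as "do not run", so these TLS tests stop producing any log output on the legacy image and a later fix or regression there would go unnoticed. If skipping is intended, a comment above each changed `tests:` line would record it, for example `# msys1 legacy: skipped, not just ignored, because <reason>`. If the aim was only to simplify the list, keeping `~` for the tests that can still start would preserve the signal.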
@@ -101,14 +101,14 @@ windows_task: container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 + tests: ~165 ~571 ~612 ~1056 ~1448 ~2046 ~2047 ~3000 ~3001 - name: Windows 64-bit static/release Schannel/SSPI/WinIDN/libssh2 env: container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 container_cmd: C:\msys64\usr\bin\sh prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 + tests: ~165 ~571 ~612 ~1056 ~1448 ~2046 ~2047 ~3000 ~3001 curl_LDFLAGS: -all-static PKG_CONFIG: pkg-config --static diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 8b89895caad70a..b327559d3d54ae 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc 
@@ -222,15 +222,13 @@ test2000 test2001 test2002 test2003 test2004 \ \ test2023 \ test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ -test2032 test2034 test2035 test2036 test2037 test2038 test2039 \ +test2032 test2033 test2034 test2035 test2036 test2037 test2038 test2039 \ test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \ test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \ test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \ -test2064 test2065 test2066 test2067 test2068 test2069 \ -test2064 test2065 test2066 test2067 test2068 test2069 test2070 \ - test2071 test2072 test2073 test2074 test2075 test2076 test2077 \ -test2078 \ -test2080 test2081 test2082 test2083 test2084 test2085 test2086 \ +test2064 test2065 test2066 test2067 test2068 test2069 test2070 test2071 \ +test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 \ +test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 \ \ test2100 \ \ diff --git a/tests/data/test2033 b/tests/data/test2033 new file mode 100644 index 00000000000000..0645932a43ce22 --- /dev/null +++ b/tests/data/test2033 
@@ -0,0 +1,61 @@ + + + +HTTPS +HTTP GET +PEM certificate + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 7 + +MooMoo + + + +# +# Client-side + + +SSL +SSLpinning +Schannel + + +https Server-localhost-sv.pem + + +simple HTTPS GET with DER public key pinning (Schannel variant) + + +# This test is pointless if we're not using the schannel backend +CURL_SSL_BACKEND=schannel + + +--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.der --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER + +# Ensure that we're running on localhost because we're checking the host name + +perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );" + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +Host: localhost:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test2034 b/tests/data/test2034 index 3ddd42024f9af8..83f984a1d18c51 100644 --- a/tests/data/test2034 +++ b/tests/data/test2034 @@ -26,6 +26,7 @@ MooMoo SSL SSLpinning +!Schannel https Server-localhost-sv.pem diff --git a/tests/data/test2037 b/tests/data/test2037 index f43215fefa7321..2b17e538375276 100644 --- a/tests/data/test2037 +++ b/tests/data/test2037 @@ -26,6 +26,7 @@ MooMoo SSL SSLpinning +!Schannel https Server-localhost-sv.pem diff --git a/tests/data/test2041 b/tests/data/test2041 index e4a2391e81ea8b..1958bb7fd0c397 100644 --- a/tests/data/test2041 +++ b/tests/data/test2041 @@ -26,6 +26,7 @@ MooMoo SSL SSLpinning +!Schannel https Server-localhost-sv.pem diff --git a/tests/data/test2070 b/tests/data/test2070 index 7258638f7dc0b2..74cdd7d8c43ad9 100644 --- a/tests/data/test2070 +++ b/tests/data/test2070 @@ -24,8 +24,8 @@ MooMoo # Client-side +SSL Schannel -!MinGW https Server-localhost-sv.pem 
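Review bot: The new test2033 command line adds `--ssl-revoke-best-effort` next to `--pinnedpubkey`, but the reason is recorded only in the commit message, not in the test file. The same applies to test2079 and test2087. Since best-effort mode makes the revocation check fail open, a reader could take the command as a recommended pinning configuration. A comment above the command would prevent that: `# --ssl-revoke-best-effort: the test CA has no reachable revocation endpoint, so Schannel's check would fail; not needed with a real CA`. These variants cover only the matching-pin case. I cannot tell from this diff whether the wrong-pin tests still run on Schannel builds, so that is worth confirming.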
diff --git a/tests/data/test2079 b/tests/data/test2079 new file mode 100644 index 00000000000000..1e1582fd19b8ec --- /dev/null +++ b/tests/data/test2079 @@ -0,0 +1,57 @@ + + + +HTTPS +HTTP GET +PEM certificate + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 7 + +MooMoo + + + +# +# Client-side + + +SSL +SSLpinning +Schannel + + +https Server-localhost-sv.pem + + +simple HTTPS GET with PEM public key pinning (Schannel variant) + + +--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.pem --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER + +# Ensure that we're running on localhost because we're checking the host name + +perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );" + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +Host: localhost:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test2087 b/tests/data/test2087 new file mode 100644 index 00000000000000..8884337a97641e --- /dev/null +++ b/tests/data/test2087 
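Review bot: test2079 does not set `CURL_SSL_BACKEND=schannel`, although test2033 in the same commit does, with the comment "This test is pointless if we're not using the schannel backend". test2087 has the same omission. On a build with more than one TLS backend, the `Schannel` feature check can presumably pass while a different backend is the default, so these two "Schannel variant" tests may not exercise Schannel's pinning path. Copying test2033's environment section into both files would make the three variants consistent.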
@@ -0,0 +1,57 @@ + + + +HTTPS +HTTP GET +PEM certificate + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 7 + +MooMoo + + + +# +# Client-side + + +SSL +SSLpinning +Schannel + + +https Server-localhost-sv.pem + + +simple HTTPS GET with base64-sha256 public key pinning (Schannel variant) + + +--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//+JYNkp2GTGRgrvZMUkOxbFJQQqYpwNE6toGmBjz00D8= --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER + +# Ensure that we're running on localhost because we're checking the host name + +perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );" + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +Host: localhost:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test310 b/tests/data/test310 index c31085b87761d1..6b6f63a66802fd 100644 --- a/tests/data/test310 +++ b/tests/data/test310 @@ -25,6 +25,7 @@ MooMoo SSL +!Schannel https Server-localhost-sv.pem
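Review bot: The test310 hunk adds `!Schannel` but, unlike test2034, test2037 and test2041, this commit adds no Schannel variant for it and leaves no pointer to where that coverage now lives. test2070 may be the intended counterpart, since its feature list now requires `SSL` and `Schannel`, but nothing in test310 says so. A short comment beside the new line would make the hand-over explicit, for example `# Schannel builds: covered by test <number>, which adds --ssl-revoke-best-effort`. Without it, the plain custom-CA HTTPS GET looks untested on Schannel.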