Skip to content

Commit 7b8a1e5

Browse files
mdouninjimf5
mdounin
authored and
jimf5
committed
Tests: iPAddress subjectAltName tests.
Origin: <https://freenginx.org/hg/nginx-tests/rev/1bf186036193> Signed-off-by: Eugene Grebenshchikov <e.grebenshchikov@f5.com>
1 parent 4d1de3f commit 7b8a1e5

1 file changed

Lines changed: 42 additions & 2 deletions

File tree

proxy_ssl_verify.t

Lines changed: 42 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ select STDERR; $| = 1;
2323
select STDOUT; $| = 1;
2424

2525
my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
26-
->has_daemon('openssl')->plan(6)
26+
->has_daemon('openssl')->plan(10)
2727
->write_file_expand('nginx.conf', <<'EOF');
2828
2929
%%TEST_GLOBALS%%
@@ -81,6 +81,33 @@ http {
8181
proxy_ssl_trusted_certificate 1.example.com.crt;
8282
proxy_ssl_session_reuse off;
8383
}
84+
85+
location /ip {
86+
proxy_pass https://127.0.0.1:8081/;
87+
proxy_ssl_verify on;
88+
proxy_ssl_trusted_certificate 1.example.com.crt;
89+
}
90+
91+
location /ip/fail {
92+
proxy_pass https://127.0.0.1:8081/;
93+
proxy_ssl_name 127.0.0.2;
94+
proxy_ssl_verify on;
95+
proxy_ssl_trusted_certificate 1.example.com.crt;
96+
}
97+
98+
location /ip6 {
99+
proxy_pass https://127.0.0.1:8081/;
100+
proxy_ssl_name [::1];
101+
proxy_ssl_verify on;
102+
proxy_ssl_trusted_certificate 1.example.com.crt;
103+
}
104+
105+
location /ip6/fail {
106+
proxy_pass https://127.0.0.1:8081/;
107+
proxy_ssl_name [::2];
108+
proxy_ssl_verify on;
109+
proxy_ssl_trusted_certificate 1.example.com.crt;
110+
}
84111
}
85112
86113
server {
@@ -118,7 +145,7 @@ x509_extensions = v3_req
118145
commonName=no.match.example.com
119146
120147
[ v3_req ]
121-
subjectAltName = DNS:example.com,DNS:*.example.com
148+
subjectAltName = DNS:example.com,DNS:*.example.com,IP:127.0.0.1,IP:::1
122149
EOF
123150

124151
$t->write_file('openssl.2.example.com.conf', <<EOF);
@@ -165,4 +192,17 @@ like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail');
165192

166193
like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted');
167194

195+
# subjectAltName iPAddress
196+
197+
TODO: {
198+
local $TODO = 'not yet' unless $t->has_version('1.31.0');
199+
200+
like(http_get('/ip'), qr/200 OK/ms, 'verify ipv4');
201+
like(http_get('/ip6'), qr/200 OK/ms, 'verify ipv6');
202+
203+
}
204+
205+
like(http_get('/ip/fail'), qr/502 Bad/ms, 'verify ipv4 fail');
206+
like(http_get('/ip6/fail'), qr/502 Bad/ms, 'verify ipv6 fail');
207+
168208
###############################################################################

0 commit comments

Comments
 (0)