You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2010/05/19 21:20:11 UTC
svn commit: r946347 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in
ssl/extlookup.t ssl/require.t
Author: jorton
Date: Wed May 19 19:20:11 2010
New Revision: 946347
URL: http://svn.apache.org/viewvc?rev=946347&view=rev
Log:
- add test for SSLRequire PeerExtList()
- test for the string-rendering hack in ssl_ext_lookup()
- uses an OID stolen from the ASF OID branch; "official" assignment
has been requested for the httpd project from akarasulu@
Modified:
httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
httpd/test/framework/trunk/t/ssl/extlookup.t
httpd/test/framework/trunk/t/ssl/require.t
Modified: httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in?rev=946347&r1=946346&r2=946347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in Wed May 19 19:20:11 2010
@@ -85,6 +85,7 @@
#t/ssl/require.t
Alias /require/asf @DocumentRoot@
Alias /require/snakeoil @DocumentRoot@
+ Alias /require/certext @DocumentRoot@
Alias /ssl-fakebasicauth @DocumentRoot@
Alias /ssl-fakebasicauth2 @DocumentRoot@
Alias /ssl-cgi @DocumentRoot@/modules/cgi
@@ -111,6 +112,16 @@
{"Staff", "CA", "Dev"} )
</Location>
+ <Location /require/certext>
+ SSLVerifyClient require
+ <IfVersion > 2.3.0>
+ SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0")
+ </IfVersion>
+ <IfVersion < 2.3.0>
+ SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0")
+ </IfVersion>
+ </Location>
+
<Location /ssl-cgi>
SSLOptions +StdEnvVars
</Location>
Modified: httpd/test/framework/trunk/t/ssl/extlookup.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/extlookup.t?rev=946347&r1=946346&r2=946347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/extlookup.t (original)
+++ httpd/test/framework/trunk/t/ssl/extlookup.t Wed May 19 19:20:11 2010
@@ -5,19 +5,25 @@ use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;
-plan tests => 2, need 'test_ssl', need_min_apache_version(2.1);
-
Apache::TestRequest::scheme("https");
-my $oid = "2.16.840.1.113730.1.13"; # Netscape certificate comment
+my %exts = (
+ "2.16.840.1.113730.1.13" => "This Is A Comment",
+ "1.3.6.1.4.1.18060.12.0" => "Lemons",
+);
-my $r = GET("/test_ssl_ext_lookup?$oid", cert => 'client_ok');
+plan tests => 2 * (keys %exts), need 'test_ssl', need_min_apache_version(2.1);
-ok t_cmp($r->code, 200, "ssl_ext_lookup works");
+my ($actual, $expected, $r, $c);
-my $c = $r->content;
+foreach (sort keys %exts) {
+ $r = GET("/test_ssl_ext_lookup?$_", cert => 'client_ok');
+
+ ok t_cmp($r->code, 200, "ssl_ext_lookup works for $_");
-chomp $c;
+ $c = $r->content;
+ chomp $c;
-ok t_cmp($c, "This Is A Comment", "Retrieve nsComment extension");
+ ok t_cmp($c, $exts{$_}, "Extension value match for $_");
+}
Modified: httpd/test/framework/trunk/t/ssl/require.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/require.t?rev=946347&r1=946346&r2=946347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/require.t (original)
+++ httpd/test/framework/trunk/t/ssl/require.t Wed May 19 19:20:11 2010
@@ -10,7 +10,7 @@ use Apache::TestRequest;
#happen in real-life, so just disable keepalives here.
Apache::TestRequest::user_agent_keepalive(0);
-plan tests => 5, need_lwp;
+plan tests => 8, need_lwp;
Apache::TestRequest::scheme('https');
@@ -28,3 +28,11 @@ ok GET_RC($url, cert => 'client_ok') !=
ok GET_RC($url, cert => 'client_snakeoil') == 200;
+$url = '/require/certext/index.html';
+
+ok GET_RC($url, cert => undef) != 200;
+
+ok GET_RC($url, cert => 'client_ok') == 200;
+
+ok GET_RC($url, cert => 'client_snakeoil') != 200;
+