You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2019/11/21 15:32:10 UTC

svn commit: r1870092 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in ssl/pha.t

Author: jorton
Date: Thu Nov 21 15:32:10 2019
New Revision: 1870092

URL: http://svn.apache.org/viewvc?rev=1870092&view=rev
Log:
Update comments for PHA test and also test SSLRenegBufferSize
is applied properly.

Modified:
    httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
    httpd/test/framework/trunk/t/ssl/pha.t

Modified: httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in?rev=1870092&r1=1870091&r2=1870092&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in Thu Nov 21 15:32:10 2019
@@ -87,6 +87,15 @@
             SSLVerifyDepth  10
         </Location>
 
+        # t/ssl/pha.t
+        <Location /require/small>
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+
+            SSLRenegBufferSize 10
+        </Location>
+        Alias /require/small      @DocumentRoot@/modules/cgi
+
         #t/ssl/require.t
         Alias /require/asf        @DocumentRoot@
         Alias /require/snakeoil   @DocumentRoot@

Modified: httpd/test/framework/trunk/t/ssl/pha.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/pha.t?rev=1870092&r1=1870091&r2=1870092&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/pha.t (original)
+++ httpd/test/framework/trunk/t/ssl/pha.t Thu Nov 21 15:32:10 2019
@@ -27,16 +27,21 @@ if (!$has_pha) {
     exit 0;
 }
 
-plan tests => 3;
+plan tests => 4;
 
 $r = GET("/verify/", cert => undef);
 ok t_cmp($r->code, 403, "access must be denied without client certificate");
 
-# Send a series of POST requests with varying size request bodies.
-# Alternate between the location which requires a AES128-SHA ciphersuite
-# and one which requires AES256-SHA; mod_ssl will attempt to perform the
-# renegotiation between each request, and hence needs to perform the
-# buffering of request body data.
+# SSLRenegBufferSize 10 for this location which should mean a 413
+# error.
+$r = POST("/require/small/perl_echo.pl", content => 'y'x101,
+          cert => 'client_ok');
+ok t_cmp($r->code, 413, "PHA reneg body buffer size restriction works");
+
+# Reset to use a new connection.
+Apache::TestRequest::user_agent(reset => 1);
+Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
+Apache::TestRequest::scheme('https');
 
 $r = POST("/verify/modules/cgi/perl_echo.pl", content => 'x'x10000,
           cert => 'client_ok');