You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2019/11/21 15:32:10 UTC
svn commit: r1870092 - in /httpd/test/framework/trunk/t:
conf/ssl/ssl.conf.in ssl/pha.t
Author: jorton
Date: Thu Nov 21 15:32:10 2019
New Revision: 1870092
URL: http://svn.apache.org/viewvc?rev=1870092&view=rev
Log:
Update comments for PHA test and also test SSLRenegBufferSize
is applied properly.
Modified:
httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
httpd/test/framework/trunk/t/ssl/pha.t
Modified: httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in?rev=1870092&r1=1870091&r2=1870092&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in Thu Nov 21 15:32:10 2019
@@ -87,6 +87,15 @@
SSLVerifyDepth 10
</Location>
+ # t/ssl/pha.t
+ <Location /require/small>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ SSLRenegBufferSize 10
+ </Location>
+ Alias /require/small @DocumentRoot@/modules/cgi
+
#t/ssl/require.t
Alias /require/asf @DocumentRoot@
Alias /require/snakeoil @DocumentRoot@
Modified: httpd/test/framework/trunk/t/ssl/pha.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/pha.t?rev=1870092&r1=1870091&r2=1870092&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/pha.t (original)
+++ httpd/test/framework/trunk/t/ssl/pha.t Thu Nov 21 15:32:10 2019
@@ -27,16 +27,21 @@ if (!$has_pha) {
exit 0;
}
-plan tests => 3;
+plan tests => 4;
$r = GET("/verify/", cert => undef);
ok t_cmp($r->code, 403, "access must be denied without client certificate");
-# Send a series of POST requests with varying size request bodies.
-# Alternate between the location which requires a AES128-SHA ciphersuite
-# and one which requires AES256-SHA; mod_ssl will attempt to perform the
-# renegotiation between each request, and hence needs to perform the
-# buffering of request body data.
+# SSLRenegBufferSize 10 for this location which should mean a 413
+# error.
+$r = POST("/require/small/perl_echo.pl", content => 'y'x101,
+ cert => 'client_ok');
+ok t_cmp($r->code, 413, "PHA reneg body buffer size restriction works");
+
+# Reset to use a new connection.
+Apache::TestRequest::user_agent(reset => 1);
+Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
+Apache::TestRequest::scheme('https');
$r = POST("/verify/modules/cgi/perl_echo.pl", content => 'x'x10000,
cert => 'client_ok');