httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r946347 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in ssl/extlookup.t ssl/require.t
Date Wed, 19 May 2010 19:20:11 GMT
Author: jorton
Date: Wed May 19 19:20:11 2010
New Revision: 946347

URL: http://svn.apache.org/viewvc?rev=946347&view=rev
Log:
- add test for SSLRequire PeerExtList()
- test for the string-rendering hack in ssl_ext_lookup()
- uses an OID stolen from the ASF OID branch; "official" assignment 
  has been requested for the httpd project from akarasulu@

Modified:
    httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
    httpd/test/framework/trunk/t/ssl/extlookup.t
    httpd/test/framework/trunk/t/ssl/require.t

Modified: httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in?rev=946347&r1=946346&r2=946347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in Wed May 19 19:20:11 2010
@@ -85,6 +85,7 @@
         #t/ssl/require.t
         Alias /require/asf        @DocumentRoot@
         Alias /require/snakeoil   @DocumentRoot@
+        Alias /require/certext    @DocumentRoot@
         Alias /ssl-fakebasicauth  @DocumentRoot@
         Alias /ssl-fakebasicauth2 @DocumentRoot@
         Alias /ssl-cgi            @DocumentRoot@/modules/cgi
@@ -111,6 +112,16 @@
                              {"Staff", "CA", "Dev"} )
         </Location>
 
+        <Location /require/certext>
+            SSLVerifyClient require
+            <IfVersion > 2.3.0>
+               SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0")
+            </IfVersion>
+            <IfVersion < 2.3.0>
+               SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0")
+            </IfVersion>
+        </Location>
+
         <Location /ssl-cgi>
             SSLOptions +StdEnvVars
         </Location>

Modified: httpd/test/framework/trunk/t/ssl/extlookup.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/extlookup.t?rev=946347&r1=946346&r2=946347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/extlookup.t (original)
+++ httpd/test/framework/trunk/t/ssl/extlookup.t Wed May 19 19:20:11 2010
@@ -5,19 +5,25 @@ use Apache::Test;
 use Apache::TestRequest;
 use Apache::TestUtil;
 
-plan tests => 2, need 'test_ssl', need_min_apache_version(2.1);
-
 Apache::TestRequest::scheme("https");
 
-my $oid = "2.16.840.1.113730.1.13"; # Netscape certificate comment
+my %exts = (
+   "2.16.840.1.113730.1.13" => "This Is A Comment",
+   "1.3.6.1.4.1.18060.12.0" => "Lemons",
+);
 
-my $r = GET("/test_ssl_ext_lookup?$oid", cert => 'client_ok');
+plan tests => 2 * (keys %exts), need 'test_ssl', need_min_apache_version(2.1);
 
-ok t_cmp($r->code, 200, "ssl_ext_lookup works");
+my ($actual, $expected, $r, $c);
 
-my $c = $r->content;
+foreach (sort keys %exts) {
+    $r = GET("/test_ssl_ext_lookup?$_", cert => 'client_ok');
+    
+    ok t_cmp($r->code, 200, "ssl_ext_lookup works for $_");
 
-chomp $c;
+    $c = $r->content;
+    chomp $c;
 
-ok t_cmp($c, "This Is A Comment", "Retrieve nsComment extension");
+    ok t_cmp($c, $exts{$_}, "Extension value match for $_");
+}
 

Modified: httpd/test/framework/trunk/t/ssl/require.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/require.t?rev=946347&r1=946346&r2=946347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/require.t (original)
+++ httpd/test/framework/trunk/t/ssl/require.t Wed May 19 19:20:11 2010
@@ -10,7 +10,7 @@ use Apache::TestRequest;
 #happen in real-life, so just disable keepalives here.
 Apache::TestRequest::user_agent_keepalive(0);
 
-plan tests => 5, need_lwp;
+plan tests => 8, need_lwp;
 
 Apache::TestRequest::scheme('https');
 
@@ -28,3 +28,11 @@ ok GET_RC($url, cert => 'client_ok') != 
 
 ok GET_RC($url, cert => 'client_snakeoil') == 200;
 
+$url = '/require/certext/index.html';
+
+ok GET_RC($url, cert => undef) != 200;
+
+ok GET_RC($url, cert => 'client_ok') == 200;
+
+ok GET_RC($url, cert => 'client_snakeoil') != 200;
+



Mime
View raw message