Add tests for add-server-certs-to-client-chain feature

ikoz 2016-03-15 14:58:38 +00:00
parent 9b970b0303
commit 776e625413
2 changed files with 62 additions and 0 deletions


@ -999,3 +999,63 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest):
# (both terminated) # (both terminated)
# nothing happened here # nothing happened here
assert self.chain[1].tmaster.state.flow_count() == 2 assert self.chain[1].tmaster.state.flow_count() == 2
class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest):
ssl = True
add_server_certs_to_client_chain = True
servercert = tutils.test_data.path("data/trusted-server.crt")
ssloptions = pathod.SSLOptions(
cn="trusted-cert",
certs=[
("trusted-cert", servercert)
]
)
def test_add_server_certs_to_client_chain_true(self):
"""
If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates
"""
with open(self.servercert, "rb") as f:
d = f.read()
c1 = SSLCert.from_pem(d)
p = self.pathoc()
print("digest of p.cert[1]: %s"%p.server_certs[1].digest('sha256'))
print("digest of c1.cert[1]: %s"%c1.digest('sha256'))
server_cert_found_in_client_chain = False
for cert in p.server_certs:
if cert.digest('sha256') == c1.digest('sha256'):
server_cert_found_in_client_chain = True
break
assert(server_cert_found_in_client_chain == True)
class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest):
ssl = True
add_server_certs_to_client_chain = False
servercert = tutils.test_data.path("data/trusted-server.crt")
ssloptions = pathod.SSLOptions(
cn="trusted-cert",
certs=[
("trusted-cert", servercert)
]
)
def test_add_server_certs_to_client_chain_false(self):
"""
If --add-server-certs-to-client-chain is False, then the client should not receive the server's certificates
"""
with open(self.servercert, "rb") as f:
d = f.read()
c1 = SSLCert.from_pem(d)
p = self.pathoc()
server_cert_found_in_client_chain = False
for cert in p.server_certs:
if cert.digest('sha256') == c1.digest('sha256'):
server_cert_found_in_client_chain = True
break
assert(server_cert_found_in_client_chain == False)
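Review bot: The negative test `test_add_server_certs_to_client_chain_false` passes vacuously when `p.server_certs` is empty, because the loop never runs and the flag stays `False`. Adding `assert p.server_certs` before the loop would make it show that the client did receive a chain and that the chain lacks the upstream certificate. In the positive test the two `print` lines index `p.server_certs[1]` unconditionally, so a chain with fewer than two entries fails with an IndexError instead of the intended assertion; I would drop them. Both tests could replace the flag-and-break loop and the `== True` / `== False` comparisons with `assert any(cert.digest('sha256') == c1.digest('sha256') for cert in p.server_certs)`, negated with `not` in the False case.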


@ -86,6 +86,7 @@ class ProxyTestBase(object):
no_upstream_cert = False no_upstream_cert = False
authenticator = None authenticator = None
masterclass = TestMaster masterclass = TestMaster
add_server_certs_to_client_chain = False
@classmethod @classmethod
def setup_class(cls): def setup_class(cls):
@ -129,6 +130,7 @@ class ProxyTestBase(object):
no_upstream_cert = cls.no_upstream_cert, no_upstream_cert = cls.no_upstream_cert,
cadir = cls.cadir, cadir = cls.cadir,
authenticator = cls.authenticator, authenticator = cls.authenticator,
add_server_certs_to_client_chain = cls.add_server_certs_to_client_chain,
) )