diff options
| author | Tomas Krizek <tomas.krizek@nic.cz> | 2019-06-14 16:58:40 +0200 |
|---|---|---|
| committer | Tomas Krizek <tomas.krizek@nic.cz> | 2019-06-18 10:02:07 +0200 |
| commit | 7d9e7c8fb2fb6e34bdb0393635d756f058308c44 (patch) | |
| tree | edc754b8da41983752a4f528474ceaf4d8da4ad7 /modules/http | |
| parent | http/test_tls: add new certificates issued by custom CA (diff) | |
| download | knot-resolver-7d9e7c8fb2fb6e34bdb0393635d756f058308c44.tar.xz knot-resolver-7d9e7c8fb2fb6e34bdb0393635d756f058308c44.zip | |
http/test_tls: add test for chain certificates
Diffstat (limited to 'modules/http')
| -rw-r--r-- | modules/http/test_tls/tls.test.lua | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/modules/http/test_tls/tls.test.lua b/modules/http/test_tls/tls.test.lua index 5327e193..ccb6a249 100644 --- a/modules/http/test_tls/tls.test.lua +++ b/modules/http/test_tls/tls.test.lua @@ -148,6 +148,31 @@ else }}, desc) end + local function test_certificate_chain() + local desc = 'config with certificate chain (with intermediate CA cert)' + local host, port = setup_module(desc, + { + tls = true, + cert = 'chain.crt', + key = 'test.key', + }) + local uri = string.format('https://%s:%d', host, port) + local req = request.new_from_uri(uri) + req.ctx = openssl_ctx.new() + + if not req.ctx.setCertificateChain then + pass(string.format('SKIP (luaossl <= 20181207) - %s', desc)) + else + local store = req.ctx:getStore() + store:add('ca.crt') + req.ctx:setVerify(openssl_ctx.VERIFY_PEER) + + local headers = assert(req:go()) + local code = tonumber(headers:get(':status')) + same(code, 200, desc) + end + end + -- plan tests local tests = { @@ -159,7 +184,8 @@ else test_nonexistent_key, test_missing_key_param, test_broken_cert, - test_broken_key + test_broken_key, + test_certificate_chain, } return tests |