asyncioproxy-ticket
Last change on this file since 44188aa was 44188aa, checked in by Fiona Klute <fiona.klute@…>, 2 years ago

Test post-handshake authentication with an untrusted certificate

- Property mode set to 100644

File size: 2.3 KB
```yaml
- !connection
  description: >-
    There's no authentication needed on handshake, but the server will
    require reauth to serve the second request.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - x509keyfile=authority/client/secret.key
    - x509certfile=authority/client/x509.pem
    - post-handshake-auth
  actions:
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    - !request
      method: POST
      path: /secret/mirror.cgi
      body: |
        GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
        timing) happen with a request containing a body. According to
        https://tools.ietf.org/html/rfc8446#appendix-E.1.2
        post-handshake authentication proves that the authenticated
        party is the one that did the handshake, so caching the data
        is appropriate.
      expect:
        status: 200
        body:
          exactly: |
            GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
            timing) happen with a request containing a body. According to
            https://tools.ietf.org/html/rfc8446#appendix-E.1.2
            post-handshake authentication proves that the authenticated
            party is the one that did the handshake, so caching the data
            is appropriate.
- !connection
  description: >-
    This client has no certificate, so the second request will
    receive 403 Forbidden.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - post-handshake-auth
  actions:
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    - !request
      method: GET
      path: /secret/test.txt
      expect:
        status: 403
        body:
          contains: Forbidden
- !connection
  description: >-
    This client has an untrusted certificate, so the second
    request will receive 403 Forbidden.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - x509keyfile=rogueca/rogueclient/secret.key
    - x509certfile=rogueca/rogueclient/x509.pem
    - post-handshake-auth
  actions:
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    - !request
      method: GET
      path: /secret/test.txt
      expect:
        status: 403
        body:
          contains: Forbidden
```