source: mod_gnutls/test/tests/35_client_reauth/test.yml @ 44188aa

proxy-ticket
Last change on this file since 44188aa was 44188aa, checked in by Fiona Klute <fiona.klute@…>, 10 months ago

Test post-handshake authentication with an untrusted certificate

---
# Post-handshake client authentication (reauth) scenarios.
# Every connection first fetches /test.txt, which is expected to be served
# without a client certificate, and then requests something under /secret/.
# The server-side rule that makes /secret/ require a certificate is not
# part of this file.
# NOTE(review): gnutls_params look like gnutls-cli long options written
# without the leading dashes -- confirm against the test runner.

# Case 1 (positive): the client presents a key and certificate from
# authority/client/, so the reauth triggered by the second request is
# expected to succeed.
- !connection
  description: >-
    There's no authentication needed on handshake, but the server will
    require reauth to serve the second request.
  # presumably the client certificate chains to authority/x509.pem -- confirm
  gnutls_params:
    - x509cafile=authority/x509.pem
    - x509keyfile=authority/client/secret.key
    - x509certfile=authority/client/x509.pem
    - post-handshake-auth
  actions:
    # Unprotected resource: must succeed before any client authentication.
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    # Protected resource, POST with a body. The expected response body is
    # identical to the request body, so the check fails if the body is
    # lost or altered while the server performs reauth.
    # mirror.cgi presumably echoes its input -- confirm.
    - !request
      method: POST
      path: /secret/mirror.cgi
      body: |
        GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
        timing) happen with a request containing a body. According to
        https://tools.ietf.org/html/rfc8446#appendix-E.1.2
        post-handshake authentication proves that the authenticated
        party is the one that did the handshake, so caching the data
        is appropriate.
      expect:
        status: 200
        body:
          exactly: |
            GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
            timing) happen with a request containing a body. According to
            https://tools.ietf.org/html/rfc8446#appendix-E.1.2
            post-handshake authentication proves that the authenticated
            party is the one that did the handshake, so caching the data
            is appropriate.

# Case 2 (negative): no x509keyfile/x509certfile is configured, so the
# client has nothing to present when the server asks for reauth.
# NOTE(review): both negative cases use GET without a body. Nothing in
# this file checks that a request body cached during reauth is dropped
# when authentication fails; a rejected POST would cover that.
- !connection
  description: >-
    This client has no certificate, so the the second request will
    receive 403 Forbidden.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - post-handshake-auth
  actions:
    # Unprotected resource still works without a certificate.
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    # Denial is expected as an HTTP 403 response, not a dropped connection.
    - !request
      method: GET
      path: /secret/test.txt
      expect:
        status: 403
        body:
          contains: Forbidden

# Case 3 (negative): the client presents a certificate from
# rogueca/rogueclient/, which the description calls untrusted. Offering
# *a* certificate must not be enough; the server has to reject one that
# does not validate against its trusted CA.
- !connection
  description: >-
    This client has an untrusted certificate, so the the second
    request will receive 403 Forbidden.
  # x509cafile is unchanged from the other cases; only the client
  # credentials differ.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - x509keyfile=rogueca/rogueclient/secret.key
    - x509certfile=rogueca/rogueclient/x509.pem
    - post-handshake-auth
  actions:
    # Unprotected resource is served regardless of the client certificate.
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    # Same expectation as the no-certificate case: 403 with "Forbidden".
    - !request
      method: GET
      path: /secret/test.txt
      expect:
        status: 403
        body:
          contains: Forbidden