source: mod_gnutls/test/tests/35_client_reauth/test.yml @ 4f2c988

asyncioproxy-ticket
Last change on this file since 4f2c988 was 4f2c988, checked in by Fiona Klute <fiona.klute@…>, 21 months ago

Send 403 if required client post-handshake authentication fails

This is the (presumed) expected behavior if the initial handshake was
allowed and part of the server is accessible to the client.

  • Property mode set to 100644
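# Test case for TLS post-handshake client authentication ("reauth").
# Each !connection entry describes one client connection and the requests
# sent over it. The two connections form a positive/negative pair: a client
# holding a certificate must get through to /secret/, a client without one
# must be refused with 403 while still being served the public file.
# NOTE(review): the access rules for /secret/ live in the server
# configuration, which is not part of this file.

# Positive case: the client has a certificate and key available.
- !connection
  description: >-
    There's no authentication needed on handshake, but the server will
    require reauth to serve the second request.
  # Presumably handed to the GnuTLS test client as options: CA for
  # verifying the server, client key/certificate pair, and the flag that
  # enables post-handshake authentication.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - x509keyfile=authority/client/secret.key
    - x509certfile=authority/client/x509.pem
    - post-handshake-auth
  actions:
    # Unprotected resource: served without any client authentication.
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    # Protected resource, requested with a body. The expected response body
    # is identical to the request body, so the data sent before the reauth
    # completed must arrive unmodified. Keep both copies in sync.
    - !request
      method: POST
      path: /secret/mirror.cgi
      body: |
        GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
        timing) happen with a request containing a body. According to
        https://tools.ietf.org/html/rfc8446#appendix-E.1.2
        post-handshake authentication proves that the authenticated
        party is the one that did the handshake, so caching the data
        is appropriate.
      expect:
        status: 200
        body:
          exactly: |
            GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
            timing) happen with a request containing a body. According to
            https://tools.ietf.org/html/rfc8446#appendix-E.1.2
            post-handshake authentication proves that the authenticated
            party is the one that did the handshake, so caching the data
            is appropriate.

# Negative case: post-handshake auth is enabled on the client, but no
# certificate or key is configured, so the reauth cannot succeed.
- !connection
  description: >-
    This client has no certificate, so the second request will
    receive 403 Forbidden.
  gnutls_params:
    - x509cafile=authority/x509.pem
    - post-handshake-auth
  actions:
    # The public file must still be served: the initial handshake is
    # allowed without a client certificate.
    - !request
      path: /test.txt
      expect:
        status: 200
        body:
          exactly: |
            test
    # The protected path must be refused with 403. The body check only
    # matches the word "Forbidden"; the status code is what shows that
    # access was denied.
    - !request
      method: GET
      path: /secret/test.txt
      expect:
        status: 403
        body:
          contains: Forbidden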