source: mod_gnutls/test/tests/35_client_reauth/test.yml @ 9db4dcd

proxy-ticket
Last change on this file since 9db4dcd was 9db4dcd, checked in by Fiona Klute <fiona.klute@…>, 10 months ago

Handle GNUTLS_E_GOT_APPLICATION_DATA on gnutls_reauth()

Pending application data is cached in the connection input buffer, so
repeated attempts won't cause more memory allocations. If the buffer
is too small HTTP_REQUEST_ENTITY_TOO_LARGE is sent to the client.

The reauthentication test now contains a POST request so this code
path may (!) be taken during the test suite run.

  • Property mode set to 100644
File size: 1.4 KB
Line 
1!connection
2description: >-
3  There's no authentication needed on handshake, but the server will
4  require reauth to serve the second request.
5gnutls_params:
6  - x509cafile=authority/x509.pem
7  - x509keyfile=authority/client/secret.key
8  - x509certfile=authority/client/x509.pem
9  - post-handshake-auth
10actions:
11  - !request
12    path: /test.txt
13    expect:
14      status: 200
15      body:
16        exactly: |
17          test
18  - !request
19    method: POST
20    path: /secret/mirror.cgi
21    body: |
22      GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
23      timing) happen with a request containing a body. According to
24      https://tools.ietf.org/html/rfc8446#appendix-E.1.2
25      post-handshake authentication proves that the authenticated
26      party is the one that did the handshake, so caching the data
27      is appropriate.
28    expect:
29      status: 200
30      body:
31        exactly: |
32          GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
33          timing) happen with a request containing a body. According to
34          https://tools.ietf.org/html/rfc8446#appendix-E.1.2
35          post-handshake authentication proves that the authenticated
36          party is the one that did the handshake, so caching the data
37          is appropriate.
38  - !request
39    method: GET
40    path: /secret/test.txt
41    expect:
42      status: 200
43      body:
44        exactly: |
45          top secret
Note: See TracBrowser for help on using the repository browser.