Changeset be2ad50 in mod_gnutls for test/tests


Ignore:
Timestamp:
Sep 25, 2020, 4:19:27 PM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
f363569
Parents:
cbc3477
Message:

Create untrusted, but otherwise good certificate for validation test

The previous "imposter" certificate would've already failed the
hostname check. It's still used in SNI tests, to be replaced with a
better fitting certificate later.

Location:
test/tests/21_TLS_reverse_proxy_wrong_cert
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf

    rcbc3477 rbe2ad50  
    66 ServerName ${BACKEND_HOST}
    77 GnuTLSEnable On
    8  GnuTLSCertificateFile  authority/imposter/x509.pem
    9  GnuTLSKeyFile          authority/imposter/secret.key
     8 GnuTLSCertificateFile  rogueca/imposter/x509.pem
     9 GnuTLSKeyFile          rogueca/imposter/secret.key
    1010</VirtualHost>
  • test/tests/21_TLS_reverse_proxy_wrong_cert/test.yaml

    rcbc3477 rbe2ad50  
    1818  description: >-
    1919    Check if the proxy itself works correctly and presents the
    20     expected bad certificate
     20    expected untrusted certificate
    2121  host: '${BACKEND_HOST}'
    2222  port: '${BACKEND_PORT}'
    2323  gnutls_params:
    24     - x509cafile=authority/x509.pem
    25     - verify-hostname=imposter.example
     24    - x509cafile=rogueca/x509.pem
    2625  actions:
    2726    - !request
Note: See TracChangeset for help on using the changeset viewer.