RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-03 02:32:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc

Browse Source 
simplify the X509_V code check in ssl_client_auth.vtc
This commit is contained in:
William Lallemand 2023-05-03 15:54:49 +02:00
parent 117c7fde06
commit a415e895a9
1 changed files with 4 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
reg-tests/ssl/ssl_client_auth.vtc
View File

@ -50,14 +50,7 @@ haproxy h1 -conf {
# crl-file: revocation list for client auth: the client1 certificate is revoked
bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err X509_V_ERR_CERT_REVOKED,X509_V_ERR_CERT_HAS_EXPIRED crl-file ${testdir}/crl-auth.pem
acl cert_expired ssl_c_verify,x509_v_err_str -m str X509_V_ERR_CERT_HAS_EXPIRED
acl cert_revoked ssl_c_verify,x509_v_err_str -m str X509_V_ERR_CERT_REVOKED
acl cert_ok ssl_c_verify,x509_v_err_str -m str X509_V_OK
http-response add-header X-SSL Ok if cert_ok
http-response add-header X-SSL Expired if cert_expired
http-response add-header X-SSL Revoked if cert_revoked
http-response add-header X-SSL %[ssl_c_verify,x509_v_err_str]
server s1 ${s1_addr}:${s1_port}
} -start
@ -65,19 +58,19 @@ client c1 -connect ${h1_clearlst_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl == "Ok"
expect resp.http.x-ssl == "X509_V_OK"
} -run
client c1 -connect ${h1_clearlst_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl == "Expired"
expect resp.http.x-ssl == "X509_V_ERR_CERT_HAS_EXPIRED"
} -run
client c1 -connect ${h1_clearlst_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl == "Revoked"
expect resp.http.x-ssl == "X509_V_ERR_CERT_REVOKED"
} -run