Skip to content

slapos
slapos
Commit f99d53ea authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

caddy-frontend: Prove that empty ssl_proxy_ca_crt is correctly rejected

parent cf57840d
Hide whitespace changes
Inline Side-by-side
Showing with 18 additions and 2 deletions
software/caddy-frontend/test/test.py
View file @ f99d53ea
...@@ -6071,6 +6071,11 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6071,6 +6071,11 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'ssl-proxy-verify': True, 'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': 'damaged', 'ssl_proxy_ca_crt': 'damaged',
}, },
'ssl-proxy-verify_ssl_proxy_ca_crt_empty': {
'url': cls.backend_https_url,
'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': '',
},
'bad-backend': { 'bad-backend': {
'url': 'http://1:2:3:4', 'url': 'http://1:2:3:4',
'https-url': 'http://host.domain:badport', 'https-url': 'http://host.domain:badport',
...@@ -6147,8 +6152,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6147,8 +6152,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '7', 'accepted-slave-amount': '7',
'rejected-slave-amount': '13', 'rejected-slave-amount': '14',
'slave-amount': '20', 'slave-amount': '21',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"' '_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
' invalid'], ' invalid'],
...@@ -6156,6 +6161,9 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6156,6 +6161,9 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_ssl-proxy-verify_ssl_proxy_ca_crt_damaged': [ '_ssl-proxy-verify_ssl_proxy_ca_crt_damaged': [
'ssl_proxy_ca_crt is invalid' 'ssl_proxy_ca_crt is invalid'
], ],
'_ssl-proxy-verify_ssl_proxy_ca_crt_empty': [
'ssl_proxy_ca_crt is invalid'
],
'_bad-ciphers': [ '_bad-ciphers': [
"Cipher 'bad' is not supported.", "Cipher 'bad' is not supported.",
"Cipher 'again' is not supported." "Cipher 'again' is not supported."
...@@ -6222,6 +6230,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6222,6 +6230,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
parameter_dict parameter_dict
) )
def test_ssl_proxy_verify_ssl_proxy_ca_crt_empty(self):
parameter_dict = self.parseSlaveParameterDict(
'ssl-proxy-verify_ssl_proxy_ca_crt_empty')
self.assertEqual(
{'request-error-list': ["ssl_proxy_ca_crt is invalid"]},
parameter_dict
)
def test_server_alias_same(self): def test_server_alias_same(self):
parameter_dict = self.parseSlaveParameterDict('server-alias-same') parameter_dict = self.parseSlaveParameterDict('server-alias-same')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7