mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
b3e1ed3160
Adds Schannel variants of SSLpinning tests that include the option --ssl-revoke-best-effort to ignore certificate revocation check failures which is required due to our custom test CA certificate. Disable the original variants if the Schannel backend is enabled. Also skip all IDN tests which are broken while using an msys shell. This is a step to simplify test exclusions for Windows and MinGW. Reviewed-by: Jay Satiro Reviewed-by: Marcel Raad Reviewed-by: Daniel Stenberg Closes #7968
62 lines
1.1 KiB
Plaintext
62 lines
1.1 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTPS
|
|
HTTP GET
|
|
PEM certificate
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
HTTP/1.1 200 OK
|
|
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Length: 7
|
|
|
|
MooMoo
|
|
</data>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<features>
|
|
SSL
|
|
SSLpinning
|
|
Schannel
|
|
</features>
|
|
<server>
|
|
https Server-localhost-sv.pem
|
|
</server>
|
|
<name>
|
|
simple HTTPS GET with DER public key pinning (Schannel variant)
|
|
</name>
|
|
<setenv>
|
|
# This test is pointless if we're not using the schannel backend
|
|
CURL_SSL_BACKEND=schannel
|
|
</setenv>
|
|
<command>
|
|
--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.der --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
|
|
</command>
|
|
# Ensure that we're running on localhost because we're checking the host name
|
|
<precheck>
|
|
perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
|
|
</precheck>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
GET /%TESTNUMBER HTTP/1.1
|
|
Host: localhost:%HTTPSPORT
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|