mirror of
https://github.com/curl/curl.git
synced 2024-12-27 06:59:43 +08:00
93e450793c
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
44 lines
731 B
Plaintext
44 lines
731 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTPS
|
|
HTTP GET
|
|
PEM certificate
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<features>
|
|
SSL
|
|
</features>
|
|
<server>
|
|
https Server-localhost-sv.pem
|
|
</server>
|
|
<name>
|
|
HTTPS wrong pinnedpubkey but right CN
|
|
</name>
|
|
<command>
|
|
--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.der https://localhost:%HTTPSPORT/2035
|
|
</command>
|
|
# Ensure that we're running on localhost because we're checking the host name
|
|
<precheck>
|
|
perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
|
|
</precheck>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<errorcode>
|
|
90
|
|
</errorcode>
|
|
</verify>
|
|
</testcase>
|