curl/tests/data/test2087
Paul Howarth ef07452a5c
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.

Fixes #10135

This gets rid of issues related to sha1 signatures.

Manual steps after "make clean-certs" and "make build-certs":

- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
  (make clean-certs does not remove the original tests/stunnel.pem)

- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
  options of tests/data/test2041 and tests/data/test2087

Closes #10153
2022-12-26 09:47:43 +01:00

<testcase>
<info>
<keywords>
HTTPS
HTTP GET
PEM certificate
</keywords>
</info>
#
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 7

MooMoo
</data>
</reply>
#
# Client-side
<client>
<features>
SSL
SSLpinning
Schannel
</features>
<server>
https Server-localhost-sv.pem
</server>
<name>
simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//AAUDLk4c98xcFUDvA9i/MnA9HuO03IPi15r+Cx9OXnc= --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
</command>
# Ensure that we're running on localhost because we're checking the host name
<precheck>
perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
</precheck>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
GET /%TESTNUMBER HTTP/1.1
Host: localhost:%HTTPSPORT
User-Agent: curl/%VERSION
Accept: */*

</protocol>
</verify>
</testcase>
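
The `--pinnedpubkey sha256//...` value in this test is the base64 of the SHA-256 digest of the server key's DER-encoded SubjectPublicKeyInfo, which is why the commit's manual step has to copy a new pin in after the certificates are rebuilt. The following is an added example, not code from curl or its test suite: it derives such a pin from a PEM public key and checks a key against a `;`-separated pin list. The sample key and all function names are constructed for illustration, and only the `sha256//` hash form of the option is handled, not the file-name form.

```python
import base64
import hashlib
import hmac
import textwrap

# Constructed sample: Ed25519 SubjectPublicKeyInfo (12-byte DER header + 32 key bytes).
# The key bytes are made up; this is not a key from the curl test suite.
SAMPLE_SPKI_DER = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))


def spki_to_pem(der: bytes) -> str:
    """Wrap SubjectPublicKeyInfo DER in a 'PUBLIC KEY' PEM block."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"


def pem_to_spki(pem: str) -> bytes:
    """Extract the DER bytes from a single 'PUBLIC KEY' PEM block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN PUBLIC KEY-----" or lines[-1] != "-----END PUBLIC KEY-----":
        raise ValueError("expected a PEM 'PUBLIC KEY' (SubjectPublicKeyInfo) block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def pin_for_spki(der: bytes) -> str:
    """Return the pin in curl's form: 'sha256//' + base64(SHA-256(SPKI DER))."""
    return "sha256//" + base64.b64encode(hashlib.sha256(der).digest()).decode()


def parse_pins(option: str) -> list[bytes]:
    """Split a --pinnedpubkey value into raw 32-byte digests; reject malformed entries."""
    digests = []
    for entry in option.split(";"):
        if not entry.startswith("sha256//"):
            raise ValueError(f"not a sha256 pin: {entry!r}")
        digest = base64.b64decode(entry[len("sha256//"):], validate=True)
        if len(digest) != hashlib.sha256().digest_size:
            raise ValueError(f"pin is not 32 bytes: {entry!r}")
        digests.append(digest)
    return digests


def key_matches(option: str, pem: str) -> bool:
    """True if the key's SPKI digest equals any pin listed in the option value."""
    actual = hashlib.sha256(pem_to_spki(pem)).digest()
    return any(hmac.compare_digest(actual, pin) for pin in parse_pins(option))
```

Because the pin covers only the public key, a certificate re-signed with sha256 over an unchanged key keeps its pin, while a regenerated key needs the new value copied into the test.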