summaryrefslogtreecommitdiffhomepage
path: root/test
diff options
context:
space:
mode:
authorAndrei Zeliankou <zelenkov@nginx.com>2021-05-12 14:37:25 +0100
committerAndrei Zeliankou <zelenkov@nginx.com>2021-05-12 14:37:25 +0100
commit25603eae9f8d3c2a6af3c5efb12b4a826776e300 (patch)
tree6faeade5a5d955b257f45380d40a6e09180fd979 /test
parenta0c083af208cd9f676bb56762b4e27a3174a773d (diff)
downloadunit-25603eae9f8d3c2a6af3c5efb12b4a826776e300.tar.gz
unit-25603eae9f8d3c2a6af3c5efb12b4a826776e300.tar.bz2
Tests: added test for TLS with IP in SAN.
Diffstat (limited to '')
-rw-r--r--test/test_tls.py23
-rw-r--r--test/unit/applications/tls.py9
2 files changed, 30 insertions, 2 deletions
diff --git a/test/test_tls.py b/test/test_tls.py
index d4d1900c..3ab6f7d7 100644
--- a/test/test_tls.py
+++ b/test/test_tls.py
@@ -423,6 +423,29 @@ basicConstraints = critical,CA:TRUE"""
}, 'subject alt_names'
assert cert['chain'][0]['issuer']['common_name'] == 'root', 'issuer'
+ def test_tls_certificate_empty_cn_san_ip(self):
+ self.certificate('root', False)
+
+ self.openssl_conf(
+ rewrite=True,
+ alt_names=['example.com', 'www.example.net', 'IP|10.0.0.1'],
+ )
+
+ self.req(subject='/')
+
+ self.generate_ca_conf()
+ self.ca()
+
+ self.set_certificate_req_context()
+
+ assert 'success' in self.certificate_load('localhost', 'localhost')
+
+ cert = self.conf_get('/certificates/localhost')
+ assert cert['chain'][0]['subject'] == {
+ 'alt_names': ['example.com', 'www.example.net']
+ }, 'subject alt_names'
+ assert cert['chain'][0]['issuer']['common_name'] == 'root', 'issuer'
+
@pytest.mark.skip('not yet')
def test_tls_reconfigure(self):
self.load('empty')
diff --git a/test/unit/applications/tls.py b/test/unit/applications/tls.py
index 95eeac55..583b618f 100644
--- a/test/unit/applications/tls.py
+++ b/test/unit/applications/tls.py
@@ -76,9 +76,14 @@ class TestApplicationTLS(TestApplicationProto):
# Generates alt_names section with dns names
a_names = "[alt_names]\n"
for i, k in enumerate(alt_names, 1):
- a_names += "DNS.%d = %s\n" % (i, k)
+ k = k.split('|')
- # Generates section for sign request extension
+ if k[0] == 'IP':
+ a_names += "IP.%d = %s\n" % (i, k[1])
+ else:
+ a_names += "DNS.%d = %s\n" % (i, k[0])
+
+ # Generates section for sign request extension
a_sec = """req_extensions = myca_req_extensions
[ myca_req_extensions ]