diff options
author | Andrei Zeliankou <zelenkov@nginx.com> | 2021-05-12 14:37:25 +0100 |
---|---|---|
committer | Andrei Zeliankou <zelenkov@nginx.com> | 2021-05-12 14:37:25 +0100 |
commit | 25603eae9f8d3c2a6af3c5efb12b4a826776e300 (patch) | |
tree | 6faeade5a5d955b257f45380d40a6e09180fd979 /test | |
parent | a0c083af208cd9f676bb56762b4e27a3174a773d (diff) | |
download | unit-25603eae9f8d3c2a6af3c5efb12b4a826776e300.tar.gz unit-25603eae9f8d3c2a6af3c5efb12b4a826776e300.tar.bz2 |
Tests: added test for TLS with IP in SAN.
Diffstat (limited to 'test')
-rw-r--r-- | test/test_tls.py | 23 | ||||
-rw-r--r-- | test/unit/applications/tls.py | 9 |
2 files changed, 30 insertions, 2 deletions
diff --git a/test/test_tls.py b/test/test_tls.py index d4d1900c..3ab6f7d7 100644 --- a/test/test_tls.py +++ b/test/test_tls.py @@ -423,6 +423,29 @@ basicConstraints = critical,CA:TRUE""" }, 'subject alt_names' assert cert['chain'][0]['issuer']['common_name'] == 'root', 'issuer' + def test_tls_certificate_empty_cn_san_ip(self): + self.certificate('root', False) + + self.openssl_conf( + rewrite=True, + alt_names=['example.com', 'www.example.net', 'IP|10.0.0.1'], + ) + + self.req(subject='/') + + self.generate_ca_conf() + self.ca() + + self.set_certificate_req_context() + + assert 'success' in self.certificate_load('localhost', 'localhost') + + cert = self.conf_get('/certificates/localhost') + assert cert['chain'][0]['subject'] == { + 'alt_names': ['example.com', 'www.example.net'] + }, 'subject alt_names' + assert cert['chain'][0]['issuer']['common_name'] == 'root', 'issuer' + @pytest.mark.skip('not yet') def test_tls_reconfigure(self): self.load('empty') diff --git a/test/unit/applications/tls.py b/test/unit/applications/tls.py index 95eeac55..583b618f 100644 --- a/test/unit/applications/tls.py +++ b/test/unit/applications/tls.py @@ -76,9 +76,14 @@ class TestApplicationTLS(TestApplicationProto): # Generates alt_names section with dns names a_names = "[alt_names]\n" for i, k in enumerate(alt_names, 1): - a_names += "DNS.%d = %s\n" % (i, k) + k = k.split('|') - # Generates section for sign request extension + if k[0] == 'IP': + a_names += "IP.%d = %s\n" % (i, k[1]) + else: + a_names += "DNS.%d = %s\n" % (i, k[0]) + + # Generates section for sign request extension a_sec = """req_extensions = myca_req_extensions [ myca_req_extensions ] |