From 25603eae9f8d3c2a6af3c5efb12b4a826776e300 Mon Sep 17 00:00:00 2001
From: Andrei Zeliankou <zelenkov@nginx.com>
Date: Wed, 12 May 2021 14:37:25 +0100
Subject: Tests: added test for TLS with IP in SAN.

---
 test/test_tls.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'test/test_tls.py')

diff --git a/test/test_tls.py b/test/test_tls.py
index d4d1900c..3ab6f7d7 100644
--- a/test/test_tls.py
+++ b/test/test_tls.py
@@ -423,6 +423,29 @@ basicConstraints = critical,CA:TRUE"""
         }, 'subject alt_names'
         assert cert['chain'][0]['issuer']['common_name'] == 'root', 'issuer'
 
+    def test_tls_certificate_empty_cn_san_ip(self):
+        self.certificate('root', False)
+
+        self.openssl_conf(
+            rewrite=True,
+            alt_names=['example.com', 'www.example.net', 'IP|10.0.0.1'],
+        )
+
+        self.req(subject='/')
+
+        self.generate_ca_conf()
+        self.ca()
+
+        self.set_certificate_req_context()
+
+        assert 'success' in self.certificate_load('localhost', 'localhost')
+
+        cert = self.conf_get('/certificates/localhost')
+        assert cert['chain'][0]['subject'] == {
+            'alt_names': ['example.com', 'www.example.net']
+        }, 'subject alt_names'
+        assert cert['chain'][0]['issuer']['common_name'] == 'root', 'issuer'
+
     @pytest.mark.skip('not yet')
     def test_tls_reconfigure(self):
         self.load('empty')
-- 
cgit