summaryrefslogtreecommitdiffstats
path: root/tests/Test-https-crl.px
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 03:06:57 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 03:06:57 +0000
commita3eed2c248067f0319cb72bcc8b5e2c7054ea6dc (patch)
treefd79d650c7ffee81608955be5f4fd8edd791834e /tests/Test-https-crl.px
parentInitial commit. (diff)
downloadwget-upstream.tar.xz
wget-upstream.zip
Adding upstream version 1.20.1.upstream/1.20.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/Test-https-crl.px')
-rwxr-xr-xtests/Test-https-crl.px101
1 files changed, 101 insertions, 0 deletions
diff --git a/tests/Test-https-crl.px b/tests/Test-https-crl.px
new file mode 100755
index 0000000..329f035
--- /dev/null
+++ b/tests/Test-https-crl.px
@@ -0,0 +1,101 @@
+#!/usr/bin/env -S perl -I .
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $testhostname, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Unexpected IP for localhost: ".inet_ntoa($addr)."\n";
+ exit 77;
+}
+
+my $cacrt = "$srcdir/certs/test-ca-cert.pem";
+
+# Use a revoked certificate
+my $servercrt = "$srcdir/certs/server-cert.pem";
+my $serverkey = "$srcdir/certs/server-key.pem";
+
+# Try Wget using SSL first without --no-check-certificate. Expect Success.
+my $port = 32443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 0;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() != 0)
+{
+ exit -1;
+}
+
+# Revoke the certificate
+my $crlfile = "$srcdir/certs/revoked-crl.pem";
+
+# Retry the test with CRL. Expect Failure.
+$port = 23443;
+$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
+ " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 5;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4