summaryrefslogtreecommitdiffstats
path: root/tests/Test-https-badcerts.px
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:38:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:38:31 +0000
commit252601302d45036817546c533743e5918b6b86e8 (patch)
treebfad3f5be123f000fdb03e26400050dece33d72f /tests/Test-https-badcerts.px
parentInitial commit. (diff)
downloadwget-252601302d45036817546c533743e5918b6b86e8.tar.xz
wget-252601302d45036817546c533743e5918b6b86e8.zip
Adding upstream version 1.21.3.upstream/1.21.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/Test-https-badcerts.px')
-rw-r--r--tests/Test-https-badcerts.px103
1 files changed, 103 insertions, 0 deletions
diff --git a/tests/Test-https-badcerts.px b/tests/Test-https-badcerts.px
new file mode 100644
index 0000000..4ea91d7
--- /dev/null
+++ b/tests/Test-https-badcerts.px
@@ -0,0 +1,103 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use POSIX;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $testhostname, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Unexpected IP for localhost: ".inet_ntoa($addr)."\n";
+ exit 77;
+}
+
+my $cacrt = "$srcdir/certs/test-ca-cert.pem";
+
+# Use expired server certificate
+my $servercrt = "$srcdir/certs/expired.pem";
+my $serverkey = "$srcdir/certs/server-key.pem";
+
+# Try Wget using SSL with expired cert. Expect Failure.
+my $port = 30443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() == 0)
+{
+ exit -1;
+}
+print "Test successful.\n";
+
+# Use certificate that is not yet valid
+$servercrt = "$srcdir/certs/invalid.pem";
+$serverkey = "$srcdir/certs/server-key.pem";
+
+# Retry the test with --no-check-certificate. expect success
+$port = 20443;
+$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 5;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4