blob: 8ec850507e6b9db81fbf7a9e006a7e57bb40adb4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestSSLCA;
use Apache::TestRequest;
use Apache::TestConfig ();
#if keepalives are on, renegotiation not happen again once
#a client cert is presented. so on test #3, the cert from #2
#will be used. this test scenerio would never
#happen in real-life, so just disable keepalives here.
Apache::TestRequest::user_agent_keepalive(0);
my $url = '/index.html';
Apache::TestRequest::scheme('https');
Apache::TestRequest::module('ssl_ocsp');
my $openssl = Apache::TestSSLCA::openssl();
if (!have_min_apache_version('2.4.26')
or `$openssl list -commands 2>&1` !~ /ocsp/) {
print "1..0 # skip: No OpenSSL or mod_ssl OCSP support";
exit 0;
}
plan tests => 3, need_lwp;
my $r;
sok {
$r = GET $url, cert => undef;
my $message = $r->content() || '';
my $warning = $r->header('Client-Warning') || '';
print "warning: $warning\n";
print "message: $message";
print "response:\n";
print $r->as_string;
$r->code == 500 && $warning =~ 'Internal response' &&
$message =~ /alert handshake failure|read failed|closed connection without sending any data/;
};
sok {
$r = GET $url, cert => 'client_ok';
my $warning = $r->header('Client-Warning') || '';
my $message = $r->content() || '';
print "warning: $warning\n";
print "message: $message";
print "response:\n";
print $r->as_string;
$r->code == 200;
};
sok {
$r = GET $url, cert => 'client_revoked';
my $message = $r->content() || '';
my $warning = $r->header('Client-Warning') || '';
print "warning: $warning\n";
print "message: $message";
print "response:\n";
print $r->as_string;
$r->code == 500 && $warning =~ 'Internal response' &&
$message =~ /alert certificate revoked|read failed|closed connection without sending any data/;
};
|
