diff options
Diffstat (limited to 'tests/conf/test-srv-verify.cfg')
-rw-r--r-- | tests/conf/test-srv-verify.cfg | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/conf/test-srv-verify.cfg b/tests/conf/test-srv-verify.cfg new file mode 100644 index 0000000..e3ccc83 --- /dev/null +++ b/tests/conf/test-srv-verify.cfg @@ -0,0 +1,57 @@ +global + maxconn 490 + stats socket /tmp/sock1 mode 666 level admin + stats timeout 10m + ssl-server-verify none + tune.ssl.default-dh-param 1024 + log /dev/log local0 debug info + +defaults + mode http + log global + option httplog + option dontlognull + timeout connect 5s + timeout http-keep-alive 15s + timeout http-request 15s + timeout queue 30s + timeout tarpit 1m + timeout tunnel 300s + timeout client 30s + timeout server 60s + +listen 1 + bind :8001 + + # passes checks and traffic (no hostname check) + # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem + + # passes checks and traffic (localhost is what the server presents) + # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem verifyhost localhost + + # fails checks and traffic (foo not matched on the server) + # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem verifyhost foo + + # passes checks and traffic (verify none ignores the host) + # server ssl 127.0.0.1:8443 ssl verify none check inter 500 ca-file rsa2048.pem verifyhost foo + + # passes checks and traffic (localhost is fine) + # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni str(localhost) verifyhost localhost + + # passes checks and traffic (verifyhost overrides sni) + # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni str(foo) verifyhost localhost + + # passes checks and traffic (localhost always valid) + # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni str(localhost) + + # passes checks, and traffic without host or with "host: localhost" and fails other hosts. + server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni req.hdr(host) + + # just for tests + #server clear 127.0.0.1:8480 + +listen 2 + bind :8480 + bind :8443 ssl crt rsa2048.pem + stats uri / + |