aboutsummaryrefslogtreecommitdiff
path: root/tests/data/test2035
diff options
context:
space:
mode:
authormoparisthebest <admin@moparisthebest.com>2014-09-30 22:31:17 -0400
committerDaniel Stenberg <daniel@haxx.se>2014-10-07 14:44:19 +0200
commit93e450793ce289925dfd1d5e3b2d14e781f8dfd4 (patch)
tree3ceea898922e067a4a692204f6388ab633deebef /tests/data/test2035
parentd1b56d00439ab26d7fc43e37ab18ae331ddc400d (diff)
SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
Diffstat (limited to 'tests/data/test2035')
-rw-r--r--tests/data/test203543
1 files changed, 43 insertions, 0 deletions
diff --git a/tests/data/test2035 b/tests/data/test2035
new file mode 100644
index 000000000..8591be271
--- /dev/null
+++ b/tests/data/test2035
@@ -0,0 +1,43 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+ <name>
+HTTPS wrong pinnedpubkey but right CN
+ </name>
+ <command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.der https://localhost:%HTTPSPORT/2035
+</command>
+# Ensure that we're running on localhost because we're checking the host name
+<precheck>
+perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
+</precheck>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+90
+</errorcode>
+</verify>
+</testcase>