"Fossies" - the Fresh Open Source Software Archive

Member "hitch-1.7.2/src/tests/test13-r82.sh" (29 Nov 2021, 2337 Bytes) of package /linux/www/hitch-1.7.2.tar.gz:




    1 #!/bin/sh
    2 #
    3 # gh issue #82, per-frontend wildcard certificates
    4 
    5 . hitch_test.sh
    6 
    7 PORT1=$(expr $LISTENPORT + 1301)
    8 PORT2=$(expr $LISTENPORT + 1302)
    9 PORT3=$(expr $LISTENPORT + 1303)
   10 
   11 cat >hitch.cfg <<EOF
   12 backend = "[hitch-tls.org]:80"
   13 
   14 tls = on
   15 ciphers = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MEDIUM"
   16 prefer-server-ciphers = on
   17 ssl-engine = ""
   18 sni-nomatch-abort = on
   19 
   20 workers = 2
   21 backlog = 100
   22 keepalive = 3600
   23 #chroot = "/etc/hitch"
   24 #user = "hitch"
   25 #group = "hitch"
   26 quiet = off
   27 syslog = on
   28 syslog-facility = "daemon"
   29 daemon = on
   30 
   31 write-ip = off
   32 write-proxy-v1 = off
   33 # write-proxy-v2 = on
   34 proxy-proxy = off
   35 
   36 frontend = {
   37   host = "localhost"
   38   port = "$PORT1"
   39   pem-file = "$CERTSDIR/wildcard.example.com"
   40   sni-nomatch-abort = off
   41 }
   42 
   43 frontend = {
   44   host = "localhost"
   45   port = "$PORT2"
   46   pem-file = "$CERTSDIR/wildcard.example.com"
   47   pem-file = "$CERTSDIR/site1.example.com"
   48 }
   49 
   50 frontend = {
   51   host = "localhost"
   52   port = "$PORT3"
   53   pem-file = "$CERTSDIR/site2.example.com"
   54 }
   55 EOF
   56 
   57 start_hitch --config=hitch.cfg
   58 
   59 # Wildcard cert on frontend #1
   60 s_client -servername foo.example.com \
   61     -connect localhost:$PORT1 \
   62     >wildcard1.dump
   63 subject_field_eq CN "*.example.com" wildcard1.dump
   64 
   65 # Wildcard cert on frontend #2
   66 s_client -servername bar.example.com \
   67     -connect localhost:$PORT2 \
   68     >wildcard2.dump
   69 subject_field_eq CN "*.example.com" wildcard2.dump
   70 
   71 # Exact match on frontend #2
   72 s_client -servername site1.example.com \
   73     -connect localhost:$PORT2 \
   74     >exact2.dump
   75 subject_field_eq CN "site1.example.com" exact2.dump
   76 
   77 # Verify that sni-nomatch-abort = off is respected for frontend #1
   78 s_client -servername "asdf" \
   79     -connect localhost:$PORT1 \
   80     >abort1.dump
   81 subject_field_eq CN "*.example.com" abort1.dump
   82 
   83 # And also verify that global setting sni-nomatch-abort = on is respected
   84 # for other frontend
   85 ! s_client -servername "asdf" \
   86     -connect localhost:$PORT3 \
   87     >abort3.dump
   88 run_cmd grep -q 'unrecognize' abort3.dump