tests: Add a test for pinnedpubkey fail even when insecure

Because disabling the peer verification (--insecure) must not disable the public key pinning check (--pinnedpubkey).
2016-01-18 03:10:10 -05:00 · 2016-01-18 03:10:10 -05:00 · d566371130
parent 1074cca8cd
commit d566371130
2 changed files with 42 additions and 1 deletions
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@ -168,4 +168,5 @@ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
 test2016 test2017 test2018 test2019 test2020 test2021 test2022 test2023 \
 test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
 test2032 test2033 test2034 test2035 test2036 test2037 test2038 test2039 \
-test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047
+test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
+test2048
--- a/tests/data/test2048
+++ b/tests/data/test2048
@ -0,0 +1,40 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+SSLpinning
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+<name>
+pinnedpubkey no-match must fail even when insecure
+</name>
+<command>
+--insecure --cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost.nn-sv.pub.der https://localhost:%HTTPSPORT/2034
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+90
+</errorcode>
+</verify>
+</testcase>