From: William Lallemand Date: Wed, 3 May 2023 13:54:49 +0000 (+0200) Subject: REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc X-Git-Tag: v2.8-dev10~70 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a415e895a93d2ca33abcc32d028e5e065fb38f7a;p=thirdparty%2Fhaproxy.git REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc simplify the X509_V code check in ssl_client_auth.vtc --- diff --git a/reg-tests/ssl/ssl_client_auth.vtc b/reg-tests/ssl/ssl_client_auth.vtc index d806141528..ab8ba18fc3 100644 --- a/reg-tests/ssl/ssl_client_auth.vtc +++ b/reg-tests/ssl/ssl_client_auth.vtc @@ -50,14 +50,7 @@ haproxy h1 -conf { # crl-file: revocation list for client auth: the client1 certificate is revoked bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err X509_V_ERR_CERT_REVOKED,X509_V_ERR_CERT_HAS_EXPIRED crl-file ${testdir}/crl-auth.pem - acl cert_expired ssl_c_verify,x509_v_err_str -m str X509_V_ERR_CERT_HAS_EXPIRED - acl cert_revoked ssl_c_verify,x509_v_err_str -m str X509_V_ERR_CERT_REVOKED - acl cert_ok ssl_c_verify,x509_v_err_str -m str X509_V_OK - - http-response add-header X-SSL Ok if cert_ok - http-response add-header X-SSL Expired if cert_expired - http-response add-header X-SSL Revoked if cert_revoked - + http-response add-header X-SSL %[ssl_c_verify,x509_v_err_str] server s1 ${s1_addr}:${s1_port} } -start @@ -65,19 +58,19 @@ client c1 -connect ${h1_clearlst_sock} { txreq rxresp expect resp.status == 200 - expect resp.http.x-ssl == "Ok" + expect resp.http.x-ssl == "X509_V_OK" } -run client c1 -connect ${h1_clearlst_sock} { txreq rxresp expect resp.status == 200 - expect resp.http.x-ssl == "Expired" + expect resp.http.x-ssl == "X509_V_ERR_CERT_HAS_EXPIRED" } -run client c1 -connect ${h1_clearlst_sock} { txreq rxresp expect resp.status == 200 - expect resp.http.x-ssl == "Revoked" + expect resp.http.x-ssl == "X509_V_ERR_CERT_REVOKED" } -run