From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Fri, 14 Jun 2019 14:58:40 +0000 (+0200)
Subject: http/test_tls: add test for chain certificates
X-Git-Tag: v4.1.0~20^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d9e7c8fb2fb6e34bdb0393635d756f058308c44;p=thirdparty%2Fknot-resolver.git

http/test_tls: add test for chain certificates
---

diff --git a/modules/http/test_tls/tls.test.lua b/modules/http/test_tls/tls.test.lua
index 5327e193e..ccb6a2498 100644
--- a/modules/http/test_tls/tls.test.lua
+++ b/modules/http/test_tls/tls.test.lua
@@ -148,6 +148,31 @@ else
 			}}, desc)
 	end
 
+	local function test_certificate_chain()
+		local desc = 'config with certificate chain (with intermediate CA cert)'
+		local host, port = setup_module(desc,
+			{
+				tls = true,
+				cert = 'chain.crt',
+				key = 'test.key',
+			})
+		local uri = string.format('https://%s:%d', host, port)
+		local req = request.new_from_uri(uri)
+		req.ctx = openssl_ctx.new()
+
+		if not req.ctx.setCertificateChain then
+			pass(string.format('SKIP (luaossl <= 20181207) - %s', desc))
+		else
+			local store = req.ctx:getStore()
+			store:add('ca.crt')
+			req.ctx:setVerify(openssl_ctx.VERIFY_PEER)
+
+			local headers = assert(req:go())
+			local code = tonumber(headers:get(':status'))
+			same(code, 200, desc)
+		end
+	end
+
 
 	-- plan tests
 	local tests = {
@@ -159,7 +184,8 @@ else
 		test_nonexistent_key,
 		test_missing_key_param,
 		test_broken_cert,
-		test_broken_key
+		test_broken_key,
+		test_certificate_chain,
 	}
 
 	return tests