From: Stefan Eissing <stefan@eissing.org>
Date: Mon, 28 Oct 2024 10:59:06 +0000 (+0100)
Subject: tests/http: add --insecure tests
X-Git-Tag: curl-8_11_0~44
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=701813b23f56acb37b8cdcb3afbecb8caa4396c5;p=thirdparty%2Fcurl.git

tests/http: add --insecure tests

Add two test cases that connection using a hostname the server has no
certificate for. First, verify that the peer verification fail, as
expected. Second, provide '--insecure' to test that the connection
succeeded and returned some data.

Closes #15429
---

diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py
index 197a5b4f92..f129b11018 100644
--- a/tests/http/test_17_ssl_use.py
+++ b/tests/http/test_17_ssl_use.py
@@ -341,3 +341,28 @@ class TestSSLUse:
             if m:
                 reused_session = True
         assert reused_session, f'{r}\n{r.dump_logs()}'
+
+    # use host name server has no certificate for
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_17_11_wrong_host(self, env: Env, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        curl = CurlClient(env=env)
+        domain = f'insecure.{env.tld}'
+        url = f'https://{domain}:{env.port_for(proto)}/curltest/sslinfo'
+        r = curl.http_get(url=url, alpn_proto=proto)
+        assert r.exit_code == 60, f'{r}'
+
+    # use host name server has no cert for with --insecure
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_17_12_insecure(self, env: Env, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        curl = CurlClient(env=env)
+        domain = f'insecure.{env.tld}'
+        url = f'https://{domain}:{env.port_for(proto)}/curltest/sslinfo'
+        r = curl.http_get(url=url, alpn_proto=proto, extra_args=[
+            '--insecure'
+        ])
+        assert r.exit_code == 0, f'{r}'
+        assert r.json, f'{r}'
diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py
index 3998be980f..5d6ec176fa 100644
--- a/tests/http/testenv/env.py
+++ b/tests/http/testenv/env.py
@@ -460,6 +460,10 @@ class Env:
     def htdocs_dir(self) -> str:
         return self.CONFIG.htdocs_dir
 
+    @property
+    def tld(self) -> str:
+        return self.CONFIG.tld
+
     @property
     def domain1(self) -> str:
         return self.CONFIG.domain1