From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 9 May 2022 06:13:54 +0000 (+0200)
Subject: test440/441: verify HSTS with trailing dots
X-Git-Tag: curl-7_83_1~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff3ee510c328db03bf171cae6179bb9463fb054f;p=thirdparty%2Fcurl.git

test440/441: verify HSTS with trailing dots
---

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index c032c14ed5..7fe1d54c24 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -72,6 +72,8 @@ test409 test410 test411 test412 test413 \
 \
 test430 test431 test432 test433 test434 test435 test436 \
 \
+test440 test441 \
+\
 test490 test491 test492 test493 test494 \
 \
 test500 test501 test502 test503 test504 test505 test506 test507 test508 \
diff --git a/tests/data/test440 b/tests/data/test440
new file mode 100644
index 0000000000..c640b0231f
--- /dev/null
+++ b/tests/data/test440
@@ -0,0 +1,72 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HSTS
+trailing-dot
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 403 not OK at all
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Connection: close
+Funny-head: yesyes
+
+-foo-
+</connect>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<features>
+HSTS
+proxy
+https
+</features>
+
+# no trailing dot in the file only in the URL
+<file name="log/input%TESTNUMBER">
+this.hsts.example "99991001 04:47:41"
+</file>
+
+<name>
+HSTS with trailing-dot host name in URL but none in hsts file
+</name>
+<command>
+-x http://%HOSTIP:%HTTPPORT http://this.hsts.example./%TESTNUMBER --hsts log/input%TESTNUMBER -w '%{url_effective}\n'
+</command>
+</client>
+
+<verify>
+# we let it CONNECT to the server to confirm HSTS but deny from there
+<protocol>
+CONNECT this.hsts.example.:443 HTTP/1.1
+Host: this.hsts.example.:443
+User-Agent: curl/%VERSION
+Proxy-Connection: Keep-Alive
+
+</protocol>
+<stdout>
+HTTP/1.1 403 not OK at all
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Connection: close
+Funny-head: yesyes
+
+https://this.hsts.example./%TESTNUMBER
+</stdout>
+# Proxy CONNECT aborted
+<errorcode>
+56
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test441 b/tests/data/test441
new file mode 100644
index 0000000000..7f5245b612
--- /dev/null
+++ b/tests/data/test441
@@ -0,0 +1,72 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HSTS
+trailing-dot
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 403 not OK at all
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Connection: close
+Funny-head: yesyes
+
+-foo-
+</connect>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<features>
+HSTS
+proxy
+https
+</features>
+
+# no trailing dot in the file only in the URL
+<file name="log/input%TESTNUMBER">
+this.hsts.example. "99991001 04:47:41"
+</file>
+
+<name>
+HSTS with no t-dot host name in URL but t-dot in file
+</name>
+<command>
+-x http://%HOSTIP:%HTTPPORT http://this.hsts.example/%TESTNUMBER --hsts log/input%TESTNUMBER -w '%{url_effective}\n'
+</command>
+</client>
+
+<verify>
+# we let it CONNECT to the server to confirm HSTS but deny from there
+<protocol>
+CONNECT this.hsts.example:443 HTTP/1.1
+Host: this.hsts.example:443
+User-Agent: curl/%VERSION
+Proxy-Connection: Keep-Alive
+
+</protocol>
+<stdout>
+HTTP/1.1 403 not OK at all
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Connection: close
+Funny-head: yesyes
+
+https://this.hsts.example/%TESTNUMBER
+</stdout>
+# Proxy CONNECT aborted
+<errorcode>
+56
+</errorcode>
+</verify>
+</testcase>