Changeset: 203120deebc7 for MonetDB URL: https://dev.monetdb.org/hg/MonetDB/rev/203120deebc7 Modified Files: clients/mapilib/Tests/tlssecurity.py Branch: Dec2023 Log Message:
Test host name verification when cert= is given diffs (31 lines):
diff --git a/clients/mapilib/Tests/tlssecurity.py b/clients/mapilib/Tests/tlssecurity.py
--- a/clients/mapilib/Tests/tlssecurity.py
+++ b/clients/mapilib/Tests/tlssecurity.py
@@ -62,10 +62,10 @@ server = tlstester.TLSTester(
 server_thread = threading.Thread(target=server.serve_forever, daemon=True)
 server_thread.start()
-def attempt(experiment: str, portname: str, expected_error_regex: str, tls=True, **params):
+def attempt(experiment: str, portname: str, expected_error_regex: str, tls=True, host='localhost', **params):
 port = server.get_port(portname)
 scheme = 'monetdbs' if tls else 'monetdb'
- url = f"{scheme}://localhost:{port}/demo"
+ url = f"{scheme}://{host}:{port}/demo"
 if params:
 # should be percent-escaped
 url += '?' + '&'.join(f"{k}={v}" for k, v in params.items())
@@ -129,6 +129,14 @@ attempt('refuse_no_cert', 'server1', "")
 attempt('refuse_wrong_cert', 'server1', 'verify failed', cert=certpath('ca2.crt'))
+# refuse_wrong_host
+#
+# Connect to port 'server1' over TLS, but using an alternative host name.
+# For example, `localhost.localdomain` instead of `localhost`.
+# The client should refuse to let the connection proceed.
+
+attempt('refuse_wrong_host', 'server1', 'verify failed', host='localhost.localdomain', cert=certpath('ca1.crt'))
+
 # refuse_tlsv12
 #
 # Connect to port 'tls12' over TLS, verifying the connection using ca1.crt. The
_______________________________________________ checkin-list mailing list -- checkin-list@monetdb.org To unsubscribe send an email to checkin-list-le...@monetdb.org
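Review bot: The new `host` argument of `attempt` is not documented, although in a TLS test it is presumably both the name the client connects to and, going by the log message, the name checked against the server certificate. A comment above the URL line would record that, for example `# host is the name the client connects to and verifies against the server certificate`. The value is also placed into the URL unescaped, like the query parameters that the existing `# should be percent-escaped` comment covers, so an IPv6 literal would need its brackets supplied by the caller. The body of `attempt` continues past the end of the hunk.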
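Review bot: The expected pattern `'verify failed'` in `refuse_wrong_host` is the same one `refuse_wrong_cert` uses just above it, so a pass shows that the connection was rejected but not that the host name check was the reason. Any other certificate verification failure with ca1.crt would presumably satisfy the same pattern. If the client reports a distinct reason for a name mismatch, matching on that text would pin host name verification itself; the hunk does not show what message is produced, so this needs checking against the client output. The comment block could also state the environmental assumption, e.g. `# Assumes localhost.localdomain resolves to the same address as localhost.`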