diff options
| author | Steve Bennett <steveb@workware.net.au> | 2020-05-04 09:55:56 +1000 |
|---|---|---|
| committer | Steve Bennett <steveb@workware.net.au> | 2020-05-06 11:23:03 +1000 |
| commit | 19b84b6891082f4ab7e852beb8f9f7671e19c32a (patch) | |
| tree | df753614cc976a91b96afbe0a7f9e087807bdfbd /tests | |
| parent | 305a61b3d3a69aaea55e15e3fbd47b1c4247cf33 (diff) | |
| download | jimtcl-19b84b6891082f4ab7e852beb8f9f7671e19c32a.zip jimtcl-19b84b6891082f4ab7e852beb8f9f7671e19c32a.tar.gz jimtcl-19b84b6891082f4ab7e852beb8f9f7671e19c32a.tar.bz2 | |
tests: ssl.test: Enable SNI and test verify
Signed-off-by: Steve Bennett <steveb@workware.net.au>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/ssl.test | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/tests/ssl.test b/tests/ssl.test index f07391e..2e23519 100644 --- a/tests/ssl.test +++ b/tests/ssl.test @@ -5,8 +5,9 @@ needs cmd socket needs cmd os.fork testCmdConstraints load_ssl_certs -#load_ssl_certs [file dirname [info script]]/certs -#load_ssl_certs /etc/ssl/certs +# Note that we don't actually need to load certificates with load_ssl_certs +# since the openssl installation should generally automatically load +# root certs # Let's set up a client and a server where the client # simply echos everything back to the server @@ -67,8 +68,11 @@ test ssl-2.1 {https to google.com, gets} -body { join $lines \n } -match glob -result {HTTP/1.0 200 OK*</html>} -test ssl-2.2 {https to google.com, read} -body { - set c [[socket stream www.google.com:443] ssl] +test ssl-2.2 {https to google.com, read with cert verify} -body { + # Note that in order to verify the cert, we need sni + set c [[socket stream www.google.com:443] ssl -sni www.google.com] + # Verify the cert (note that this does not check CN) + $c verify $c puts -nonewline "GET / HTTP/1.0\r\n\r\n" $c close w set buf [$c read] |