primal/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik synced 2026-02-05 23:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Backport Go 1.13 integration test fixes

Browse Source
This commit is contained in:
Ingo Gottwald
2019-10-07 10:46:04 +02:00
committed by Traefiker Bot
parent 590a0d67bb
commit 29ef007917
2 changed files with 57 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
integration/https_test.go
+55 -22
View File
@@ -341,24 +341,32 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipeCAs(c *check.
err = try.GetRequest("http://127.0.0.1:8080/api/providers", 500*time.Millisecond, try.BodyContains("Host:snitest.org"))
c.Assert(err, checker.IsNil)
req, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:4443", nil)
c.Assert(err, checker.IsNil)
req.Host = "snitest.com"
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
ServerName: "snitest.com",
Certificates: []tls.Certificate{},
}
client := http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
Timeout: 1 * time.Second,
}
// Connection without client certificate should fail
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
_, err = client.Do(req)
c.Assert(err, checker.NotNil)
// Connect with client signed by ca1
cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key")
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
conn.Close()
_, err = client.Do(req)
c.Assert(err, checker.IsNil)
// Connect with client signed by ca2
tlsConfig = &tls.Config{
@@ -370,10 +378,13 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipeCAs(c *check.
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
conn, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
client = http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
Timeout: 1 * time.Second,
}
conn.Close()
_, err = client.Do(req)
c.Assert(err, checker.IsNil)
// Connect with client signed by ca3 should fail
tlsConfig = &tls.Config{
@@ -385,8 +396,13 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipeCAs(c *check.
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
client = http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
Timeout: 1 * time.Second,
}
_, err = client.Do(req)
c.Assert(err, checker.NotNil)
}
// TestWithClientCertificateAuthentication
@@ -402,24 +418,32 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipeCAsMultipleFi
err = try.GetRequest("http://127.0.0.1:8080/api/providers", 1000*time.Millisecond, try.BodyContains("Host:snitest.org"))
c.Assert(err, checker.IsNil)
req, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:4443", nil)
c.Assert(err, checker.IsNil)
req.Host = "snitest.com"
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
ServerName: "snitest.com",
Certificates: []tls.Certificate{},
}
client := http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
Timeout: 1 * time.Second,
}
// Connection without client certificate should fail
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
_, err = client.Do(req)
c.Assert(err, checker.NotNil)
// Connect with client signed by ca1
cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key")
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
conn.Close()
_, err = client.Do(req)
c.Assert(err, checker.IsNil)
// Connect with client signed by ca2
tlsConfig = &tls.Config{
@@ -431,9 +455,13 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipeCAsMultipleFi
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
conn, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
conn.Close()
client = http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
Timeout: 1 * time.Second,
}
_, err = client.Do(req)
c.Assert(err, checker.IsNil)
// Connect with client signed by ca3 should fail
tlsConfig = &tls.Config{
@@ -445,8 +473,13 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipeCAsMultipleFi
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
client = http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
Timeout: 1 * time.Second,
}
_, err = client.Do(req)
c.Assert(err, checker.NotNil)
}
func (s *HTTPSSuite) TestWithRootCAsContentForHTTPSOnBackend(c *check.C) {