add SNI tests for ip address and localhost

curl · Apr 22, 2024 · 6306a76 · 6306a76
1 parent 8d8b99d
commit 6306a76
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py
@@ -142,3 +142,36 @@ def test_17_04_double_dot(self, env: Env, httpd, nghttpx, repeat, proto):
  # 60 - peer name matching failed against certificate
  assert r.exit_code in [7, 35, 60], f'{r}'
 
+ # use ip address for connect
+ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+ def test_17_05_ip_addr(self, env: Env, httpd, nghttpx, repeat, proto):
+ if env.curl_uses_lib('gnutls'):
+ pytest.skip("gnutls does not match hostnames with trailing dot")
+ if proto == 'h3' and not env.have_h3():
+ pytest.skip("h3 not supported")
+ curl = CurlClient(env=env)
+ domain = f'127.0.0.1'
+ url = f'https://{env.authority_for(domain, proto)}/curltest/sslinfo'
+ r = curl.http_get(url=url, alpn_proto=proto)
+ assert r.exit_code == 0, f'{r}'
+ assert r.json, f'{r}'
+ if proto != 'h3': # we proxy h3
+ # the SNI should not have been used
+ assert 'SSL_TLS_SNI' not in r.json, f'{r.json}'
+
+ # use localhost for connect
+ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+ def test_17_06_localhost(self, env: Env, httpd, nghttpx, repeat, proto):
+ if env.curl_uses_lib('gnutls'):
+ pytest.skip("gnutls does not match hostnames with trailing dot")
+ if proto == 'h3' and not env.have_h3():
+ pytest.skip("h3 not supported")
+ curl = CurlClient(env=env)
+ domain = f'localhost'
+ url = f'https://{env.authority_for(domain, proto)}/curltest/sslinfo'
+ r = curl.http_get(url=url, alpn_proto=proto)
+ assert r.exit_code == 0, f'{r}'
+ assert r.json, f'{r}'
+ if proto != 'h3': # we proxy h3
+ assert r.json['SSL_TLS_SNI'] == domain, f'{r.json}'
+
diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py
@@ -133,7 +133,7 @@ def __init__(self):
  self.domain2 = f"two.{self.tld}"
  self.proxy_domain = f"proxy.{self.tld}"
  self.cert_specs = [
- CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'),
+ CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost', '127.0.0.1'], key_type='rsa2048'),
  CertificateSpec(domains=[self.domain2], key_type='rsa2048'),
  CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'),
  CertificateSpec(name="clientsX", sub_specs=[