Skip to content

Tests: iPAddress subjectAltName tests. #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jimf5 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Tests: iPAddress subjectAltName tests. #44

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fb8f0ba
Tests: iPAddress subjectAltName tests.
mdounin Aug 21, 2025
5c99404
Merge branch 'nginx:master' into dev/ssl-ip-san-support
jimf5 Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 42 additions & 2 deletions proxy_ssl_verify.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
->has_daemon('openssl')->plan(6)
->has_daemon('openssl')->plan(10)
->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
Expand Down Expand Up @@ -81,6 +81,33 @@ http {
proxy_ssl_trusted_certificate 1.example.com.crt;
proxy_ssl_session_reuse off;
}

location /ip {
proxy_pass https://127.0.0.1:8081/;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate 1.example.com.crt;
}

location /ip/fail {
proxy_pass https://127.0.0.1:8081/;
proxy_ssl_name 127.0.0.2;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate 1.example.com.crt;
}

location /ip6 {
proxy_pass https://127.0.0.1:8081/;
proxy_ssl_name [::1];
proxy_ssl_verify on;
proxy_ssl_trusted_certificate 1.example.com.crt;
}

location /ip6/fail {
proxy_pass https://127.0.0.1:8081/;
proxy_ssl_name [::2];
proxy_ssl_verify on;
proxy_ssl_trusted_certificate 1.example.com.crt;
}
}

server {
Expand Down Expand Up @@ -118,7 +145,7 @@ x509_extensions = v3_req
commonName=no.match.example.com

[ v3_req ]
subjectAltName = DNS:example.com,DNS:*.example.com
subjectAltName = DNS:example.com,DNS:*.example.com,IP:127.0.0.1,IP:::1
EOF

$t->write_file('openssl.2.example.com.conf', <<EOF);
Expand Down Expand Up @@ -165,4 +192,17 @@ like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail');

like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted');

# subjectAltName iPAddress

TODO: {
local $TODO = 'not yet' unless $t->has_version('1.31.0');

like(http_get('/ip'), qr/200 OK/ms, 'verify ipv4');
like(http_get('/ip6'), qr/200 OK/ms, 'verify ipv6');

}

like(http_get('/ip/fail'), qr/502 Bad/ms, 'verify ipv4 fail');
like(http_get('/ip6/fail'), qr/502 Bad/ms, 'verify ipv6 fail');

###############################################################################