From a415e895a93d2ca33abcc32d028e5e065fb38f7a Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Wed, 3 May 2023 15:54:49 +0200 Subject: [PATCH] REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc simplify the X509_V code check in ssl_client_auth.vtc --- reg-tests/ssl/ssl_client_auth.vtc | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/reg-tests/ssl/ssl_client_auth.vtc b/reg-tests/ssl/ssl_client_auth.vtc index d80614152..ab8ba18fc 100644 --- a/reg-tests/ssl/ssl_client_auth.vtc +++ b/reg-tests/ssl/ssl_client_auth.vtc @@ -50,14 +50,7 @@ haproxy h1 -conf { # crl-file: revocation list for client auth: the client1 certificate is revoked bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err X509_V_ERR_CERT_REVOKED,X509_V_ERR_CERT_HAS_EXPIRED crl-file ${testdir}/crl-auth.pem - acl cert_expired ssl_c_verify,x509_v_err_str -m str X509_V_ERR_CERT_HAS_EXPIRED - acl cert_revoked ssl_c_verify,x509_v_err_str -m str X509_V_ERR_CERT_REVOKED - acl cert_ok ssl_c_verify,x509_v_err_str -m str X509_V_OK - - http-response add-header X-SSL Ok if cert_ok - http-response add-header X-SSL Expired if cert_expired - http-response add-header X-SSL Revoked if cert_revoked - + http-response add-header X-SSL %[ssl_c_verify,x509_v_err_str] server s1 ${s1_addr}:${s1_port} } -start @@ -65,19 +58,19 @@ client c1 -connect ${h1_clearlst_sock} { txreq rxresp expect resp.status == 200 - expect resp.http.x-ssl == "Ok" + expect resp.http.x-ssl == "X509_V_OK" } -run client c1 -connect ${h1_clearlst_sock} { txreq rxresp expect resp.status == 200 - expect resp.http.x-ssl == "Expired" + expect resp.http.x-ssl == "X509_V_ERR_CERT_HAS_EXPIRED" } -run client c1 -connect ${h1_clearlst_sock} { txreq rxresp expect resp.status == 200 - expect resp.http.x-ssl == "Revoked" + expect resp.http.x-ssl == "X509_V_ERR_CERT_REVOKED" } -run