caddy-frontend: Prove that empty ssl_proxy_ca_crt is correctly rejected

f99d53ea · Łukasz Nowak · cf57840d · f99d53ea
Commit f99d53ea authored Jul 16, 2020 by Łukasz Nowak
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 2 deletions

software/caddy-frontend/test/test.py software/caddy-frontend/test/test.py +18 -2

No files found.
--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -6071,6 +6071,11 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
        'ssl-proxy-verify': True,
        'ssl_proxy_ca_crt': 'damaged',
      },
+      'ssl-proxy-verify_ssl_proxy_ca_crt_empty': {
+        'url': cls.backend_https_url,
+        'ssl-proxy-verify': True,
+        'ssl_proxy_ca_crt': '',
+      },
      'bad-backend': {
        'url': 'http://1:2:3:4',
        'https-url': 'http://host.domain:badport',
@@ -6147,8 +6152,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
      'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
      'domain': 'example.com',
      'accepted-slave-amount': '7',
-      'rejected-slave-amount': '13',
-      'slave-amount': '20',
+      'rejected-slave-amount': '14',
+      'slave-amount': '21',
      'rejected-slave-dict': {
        '_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
                       ' invalid'],
@@ -6156,6 +6161,9 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
        '_ssl-proxy-verify_ssl_proxy_ca_crt_damaged': [
          'ssl_proxy_ca_crt is invalid'
        ],
+        '_ssl-proxy-verify_ssl_proxy_ca_crt_empty': [
+          'ssl_proxy_ca_crt is invalid'
+        ],
        '_bad-ciphers': [
          "Cipher 'bad' is not supported.",
          "Cipher 'again' is not supported."
@@ -6222,6 +6230,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
      parameter_dict
    )

+  def test_ssl_proxy_verify_ssl_proxy_ca_crt_empty(self):
+    parameter_dict = self.parseSlaveParameterDict(
+      'ssl-proxy-verify_ssl_proxy_ca_crt_empty')
+    self.assertEqual(
+      {'request-error-list': ["ssl_proxy_ca_crt is invalid"]},
+      parameter_dict
+    )
+
  def test_server_alias_same(self):
    parameter_dict = self.parseSlaveParameterDict('server-alias-same')
    self.assertLogAccessUrlWithPop(parameter_dict)