author | Federico Ceratto <federico.ceratto@gmail.com> | 2020-03-20 16:11:39 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-20 17:11:39 +0100 |
commit | 5b854442448af96d57135ba7328b0c21f1f80f40 (patch) | |
tree | b4e0e0cf66b15fb9f040e4ee1a11f0ffd3b68ee2 /tests/untestable/thttpclient_ssl_env_var.nim | |
parent | 1d665adecde3b3bf16e64068e83c0b3cb0171856 (diff) | |
download | Nim-5b854442448af96d57135ba7328b0c21f1f80f40.tar.gz |
SSL certificate verify GitHub action (#13697)
* Implement SSL/TLS certificate checking #782
* SSL: Add nimDisableCertificateValidation Remove NIM_SSL_CERT_VALIDATION env var tests/untestable/thttpclient_ssl.nim ran successfully on Linux with libssl 1.1.1d
* SSL: update integ test to skip flapping tests
* Revert .travis.yml change
* nimDisableCertificateValidation disable imports Prevent loading symbols that are not defined on older SSL libs
* SSL: disable verification in net.nim ..when nimDisableCertificateValidation is set
* Update changelog
* Fix peername type
* Add define check for windows
* Disable test on windows
* Add experimental GitHub action CI for SSL
* Test nimDisableCertificateValidation
Diffstat (limited to 'tests/untestable/thttpclient_ssl_env_var.nim')
-rw-r--r-- | tests/untestable/thttpclient_ssl_env_var.nim | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/tests/untestable/thttpclient_ssl_env_var.nim b/tests/untestable/thttpclient_ssl_env_var.nim
new file mode 100644
index 000000000..32af43579
--- /dev/null
+++ b/tests/untestable/thttpclient_ssl_env_var.nim
@@ -0,0 +1,74 @@
+#
+# Nim - SSL integration tests
+# (c) Copyright 2017 Nim contributors
+#
+# See the file "copying.txt", included in this
+# distribution, for details about the copyright.
+#
+## Warning: this test performs external networking.
+## Compile with:
+## ./bin/nim c -d:ssl -p:. tests/untestable/thttpclient_ssl_env_var.nim
+##
+## Test with:
+## SSL_CERT_FILE=BogusInexistentFileName tests/untestable/thttpclient_ssl_env_var
+## SSL_CERT_DIR=BogusInexistentDirName tests/untestable/thttpclient_ssl_env_var
+
+import httpclient, unittest, ospaths
+from net import newSocket, newContext, wrapSocket, connect, close, Port,
+ CVerifyPeerUseEnvVars
+from strutils import contains
+
+const
+ expired = "https://expired.badssl.com/"
+ good = "https://google.com/"
+
+
+suite "SSL certificate check":
+
+ test "httpclient with inexistent file":
+ if existsEnv("SSL_CERT_FILE"):
+ var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars)
+ var client = newHttpClient(sslContext=ctx)
+ checkpoint("Client created")
+ check client.getContent("https://google.com").contains("doctype")
+ checkpoint("Google ok")
+ try:
+ let a = $client.getContent(good)
+ echo "Connection should have failed"
+ fail()
+ except:
+ echo getCurrentExceptionMsg()
+ check getCurrentExceptionMsg().contains("certificate verify failed")
+
+ elif existsEnv("SSL_CERT_DIR"):
+ try:
+ var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars)
+ var client = newHttpClient(sslContext=ctx)
+ echo "Should have raised 'No SSL/TLS CA certificates found.'"
+ fail()
+ except:
+ check getCurrentExceptionMsg() ==
+ "No SSL/TLS CA certificates found."
+
+ test "net socket with inexistent file":
+ if existsEnv("SSL_CERT_FILE"):
+ var sock = newSocket()
+ var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars)
+ ctx.wrapSocket(sock)
+ checkpoint("Socket created")
+ try:
+ sock.connect("expired.badssl.com", 443.Port)
+ fail()
+ except:
+ sock.close
+ check getCurrentExceptionMsg().contains("certificate verify failed")
+
+ elif existsEnv("SSL_CERT_DIR"):
+ var sock = newSocket()
+ checkpoint("Socket created")
+ try:
+ var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars) # raises here
+ fail()
+ except:
+ check getCurrentExceptionMsg() ==
+ "No SSL/TLS CA certificates found." |
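Review bot: The `SSL_CERT_FILE` branch of "httpclient with inexistent file" first requires `client.getContent("https://google.com")` to succeed and then requires `client.getContent(good)`, the same host through the same client and context, to fail with "certificate verify failed", so the two expectations cannot both hold; the first `check` looks like a leftover and should probably be dropped. The socket test has the opposite weakness: it connects to `expired.badssl.com`, whose certificate would presumably be rejected by any verifying context, so a pass does not show that the bogus `SSL_CERT_FILE` was honoured; `sock.connect("google.com", 443.Port)` would tie the failure to the missing CA file. The `expired` constant is otherwise unused, and each bare `except:` would read better with a short comment naming the error expected there, since the message check is the only thing separating a verification failure from an unrelated network error.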