Tests: loading certificate bundles.

jimf5 · pluknet · commit 9af0601ea223 · 2024-10-03T15:25:47.000+04:00
diff --git a/ssl_verify_client.t b/ssl_verify_client.t
@@ -25,7 +25,7 @@ select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl sni socket_ssl_sni/)
-	->has_daemon('openssl')->plan(13);
+	->has_daemon('openssl')->plan(14);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -108,6 +108,17 @@ http {
 
         ssl_verify_client on;
     }
+
+    server {
+        listen       127.0.0.1:8443 ssl;
+        server_name  dup;
+
+        ssl_certificate_key 1.example.com.key;
+        ssl_certificate 1.example.com.crt;
+
+        ssl_verify_client optional;
+        ssl_client_certificate dup.2.example.com.crt;
+    }
 }
 
 EOF
@@ -130,6 +141,8 @@ foreach my $name ('1.example.com', '2.example.com', '3.example.com') {
 		or die "Can't create certificate for $name: $!\n";
 }
 
+$t->write_file('dup.2.example.com.crt', $t->read_file('2.example.com.crt') x 2);
+
 sleep 1 if $^O eq 'MSWin32';
 
 $t->write_file('t', 'SEE-THIS');
@@ -159,6 +172,9 @@ local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
 my $ca = join ' ', get('optional', '3.example.com');
 is($ca, '/CN=2.example.com', 'no trusted sent');
 
+$ca = join ' ', get('dup');
+is($ca, '/CN=2.example.com', 'no duplicates sent');
+
 }
 
 like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected');
