
Add a test for the previous change

yhirose 2 weeks ago
parent
commit
188035fb6d
3 changed files with 51 additions and 0 deletions
  1. 1 0
      test/proxy/basic_squid.conf
  2. 1 0
      test/proxy/digest_squid.conf
  3. 49 0
      test/test_proxy.cc

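--- a/test/proxy/basic_squid.conf
+++ b/test/proxy/basic_squid.conf
@@ -15,6 +15,7 @@ acl localnet src fc00::/7       	# RFC 4193 local private network range
 acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
 
 acl SSL_ports port 443
+acl SSL_ports port 1025-65535
 acl Safe_ports port 80		# http
 acl Safe_ports port 21		# ftp
 acl Safe_ports port 443		# https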
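Review bot: `acl SSL_ports port 1025-65535` turns this proxy into a CONNECT relay to every unprivileged port, which is what the new test needs because the untrusted SSLServer is bound to an ephemeral port, but it is an open-tunnel misconfiguration anywhere outside the test harness. Since this file lives under test/ and configs like it tend to get copied as starting points, say so on the line itself: `acl SSL_ports port 1025-65535	# test-only: test_proxy.cc binds ephemeral ports; never allow this range in a real deployment`. If the range can later be narrowed to whatever the test container actually hands out, that would shrink the exposure further, but the comment is the minimum.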

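--- a/test/proxy/digest_squid.conf
+++ b/test/proxy/digest_squid.conf
@@ -15,6 +15,7 @@ acl localnet src fc00::/7       	# RFC 4193 local private network range
 acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
 
 acl SSL_ports port 443
+acl SSL_ports port 1025-65535
 acl Safe_ports port 80		# http
 acl Safe_ports port 21		# ftp
 acl Safe_ports port 443		# https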
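Review bot: `acl SSL_ports port 1025-65535` lets this proxy tunnel CONNECT to any unprivileged port, which the new test relies on only because its SSLServer binds an ephemeral port. Mark the line as test-only so the file is not reused as-is: `acl SSL_ports port 1025-65535	# test-only: allows CONNECT to the ephemeral port used by test_proxy.cc; do not copy into a real deployment`. A CONNECT-anywhere proxy is an open relay, so the comment should be blunt about it.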

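--- a/test/test_proxy.cc
+++ b/test/test_proxy.cc
@@ -109,6 +109,55 @@ TEST(RedirectTest, YouTubeSSLDigest) {
 
 // ----------------------------------------------------------------------------
 
+#ifdef CPPHTTPLIB_SSL_ENABLED
+TEST(RedirectTest, TLSVerificationOnProxyRedirect) {
+  // Untrusted HTTPS server with self-signed cert
+  SSLServer untrusted_svr("cert.pem", "key.pem");
+  untrusted_svr.Get("/", [](const Request &, Response &res) {
+    res.set_content("MITM'd", "text/plain");
+  });
+
+  auto untrusted_port = untrusted_svr.bind_to_any_port("0.0.0.0");
+  auto t1 = thread([&]() { untrusted_svr.listen_after_bind(); });
+  auto se1 = detail::scope_exit([&] {
+    untrusted_svr.stop();
+    t1.join();
+  });
+
+  // HTTP server that redirects to the untrusted HTTPS server
+  // Use host.docker.internal so the proxy container can reach the host
+  Server redirect_svr;
+  redirect_svr.Get("/", [&](const Request &, Response &res) {
+    res.set_redirect(
+        "https://host.docker.internal:" + to_string(untrusted_port) + "/");
+  });
+
+  auto redirect_port = redirect_svr.bind_to_any_port("0.0.0.0");
+  auto t2 = thread([&]() { redirect_svr.listen_after_bind(); });
+  auto se2 = detail::scope_exit([&] {
+    redirect_svr.stop();
+    t2.join();
+  });
+
+  // Wait until servers are up
+  untrusted_svr.wait_until_ready();
+  redirect_svr.wait_until_ready();
+
+  // Client with proxy + follow_location, verification ON (default)
+  Client cli("host.docker.internal", redirect_port);
+  cli.set_proxy("localhost", 3128);
+  cli.set_proxy_basic_auth("hello", "world");
+  cli.set_follow_location(true);
+
+  auto res = cli.Get("/");
+
+  // Self-signed cert must be rejected
+  ASSERT_TRUE(res == nullptr);
+}
+#endif
+
+// ----------------------------------------------------------------------------
+
 template <typename T> void BaseAuthTestFromHTTPWatch(T &cli) {
   cli.set_proxy("localhost", 3128);
   cli.set_proxy_basic_auth("hello", "world");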
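Review bot: `ASSERT_TRUE(res == nullptr)` at the end of TLSVerificationOnProxyRedirect accepts any failure at all, so the test also passes when the proxy on localhost:3128 is down, host.docker.internal does not resolve, or the redirect server never answers, and it would not catch a regression in which the redirected HTTPS request is dropped rather than verified. Pin the reason instead: the Result carries an error code, so assert on that rather than on null, e.g. `ASSERT_EQ(res.error(), Error::SSLServerVerification);` if that is the enum member the library reports for a failed certificate check (confirm against the Error enum). A positive control would make the negative assertion meaningful: issue the same redirected request from a second Client with server-certificate verification switched off and expect body `MITM'd`, which proves the chain redirect -> proxy CONNECT -> untrusted server is actually reachable in the harness. The comment on the SSLServer should also state the precondition the test silently depends on, `// cert.pem must NOT be in the client's trust store, or this test is vacuous`, since a later change that points the client's CA bundle at that file would turn the test green for the wrong reason.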