commit 92a9f41d3d4633cc8afbcef12d2dbd3743ac300d from: Omar Polo date: Mon Jan 03 13:31:34 2022 UTC add set_proxy to simplify testing + more checks in test_proxy_with_certs commit - 7b7def0a8fb95c10840d697aad3f4ad008e46f4b commit + 92a9f41d3d4633cc8afbcef12d2dbd3743ac300d blob - b0b6f0e21c8a209bd58b4c5bb4591a3766fb6e4a blob + 735a96f6d22b912d8947642609935fcd5dac84ac --- regress/lib.sh +++ regress/lib.sh @@ -63,6 +63,24 @@ EOF fi } +set_proxy() { + cat <>reg.conf +server "localhost.local" { + cert "$PWD/cert.pem" + key "$PWD/key.pem" + proxy { + relay-to "localhost:$port" + $1 + } +} +EOF + + if ! checkconf; then + echo "failed to parse the config" >&2 + return 1 + fi +} + checkconf() { if ! $gmid -n -c reg.conf >/dev/null 2>&1; then $gmid -n -c reg.conf blob - 564145ef5ebd5f0347128b80a3cc609fb0c7ae1a blob + 398c4580eaf5ad854d0fbabe9d93bfbbcc621c06 --- regress/tests.sh +++ regress/tests.sh @@ -316,14 +316,8 @@ test_174_bugfix() { test_proxy_relay_to() { gen_config '' '' - # append config for second host - cat <> reg.conf -server "localhost.local" { - cert "$PWD/cert.pem" - key "$PWD/key.pem" - proxy { relay-to "localhost:$port" } -} -EOF + set_proxy '' + run ggflags="-P localhost:$port -H localhost.local" 
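Review bot: set_proxy in regress/lib.sh has no comment stating its contract, and the call sites do not make it obvious. It appears to append to reg.conf rather than rewrite it (the inline code it replaces was labelled "append config for second host"), it reads the global `$port`, and it places `$1` unescaped inside the `proxy { }` block. A header comment such as `# append a localhost.local proxy vhost to reg.conf; $1 is raw config text for the proxy block; call after gen_config` would make the ordering requirement and the verbatim interpolation explicit.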
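Review bot: The exit status of `set_proxy ''` in test_proxy_relay_to is dropped, so when checkconf rejects the generated config the helper returns 1 but the test still proceeds to `run`. The test would then most likely fail later on a reply mismatch that hides the real cause. Unless the harness runs under `set -e` (not visible here), the call should read `set_proxy '' || return 1`. The same applies to the three set_proxy calls added to test_proxy_with_certs in the next hunk, where a config parse failure in a negative case should not be mistaken for an authentication result. The body of test_proxy_relay_to continues outside this hunk.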
@@ -333,23 +327,38 @@ EOF } test_proxy_with_certs() { + ggflags="-P localhost:$port -H localhost.local" + + # first test using the valid keys + gen_config '' 'require client ca "'$PWD'/testca.pem"' - # append config for second host - cat <> reg.conf -server "localhost.local" { - cert "$PWD/cert.pem" - key "$PWD/key.pem" - proxy { - relay-to "localhost:$port" - cert "$PWD/valid.crt" - key "$PWD/valid.key" - } -} -EOF + set_proxy " + cert \"$PWD/valid.crt\" + key \"$PWD/valid.key\" + " run - ggflags="-P localhost:$port -H localhost.local" + fetch / + check_reply "20 text/gemini" "# hello world" || return 1 + # then using some invalid keys + + gen_config '' 'require client ca "'$PWD'/testca.pem"' + set_proxy " + cert \"$PWD/invalid.cert.pem\" + key \"$PWD/invalid.key.pem\" + " + run + fetch / - check_reply "20 text/gemini" "# hello world" + check_reply "61 certificate not authorised" || return 1 + + # and finally without keys + + gen_config '' 'require client ca "'$PWD'/testca.pem"' + set_proxy '' + run + + fetch / + check_reply "60 client certificate required" || return 1 }
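Review bot: The three phase comments in test_proxy_with_certs say which keys are used but not which side is being authenticated, which is what the test is about. From the visible lines, `gen_config '' 'require client ca ...testca.pem'` makes the backend host demand a client certificate, and the `cert`/`key` passed to set_proxy are presumably what the relay presents to that backend. A comment such as `# the proxy authenticates to the backend with this cert; the backend trusts only testca.pem` above the first phase would state this. It would also help to note beside the 61 case what makes invalid.cert.pem invalid (for example, signed by a different CA), since that determines which verification path is exercised.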