thttpclient_ssl_env_var.nim 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
  1. #
  2. # Nim - SSL integration tests
  3. # (c) Copyright 2017 Nim contributors
  4. #
  5. # See the file "copying.txt", included in this
  6. # distribution, for details about the copyright.
  7. #
  8. ## Warning: this test performs external networking.
  9. ## Compile with:
  10. ## ./bin/nim c -d:ssl -p:. tests/untestable/thttpclient_ssl_env_var.nim
  11. ##
  12. ## Test with:
  13. ## SSL_CERT_FILE=BogusInexistentFileName tests/untestable/thttpclient_ssl_env_var
  14. ## SSL_CERT_DIR=BogusInexistentDirName tests/untestable/thttpclient_ssl_env_var
  15. import httpclient, unittest, os
  16. from net import newSocket, newContext, wrapSocket, connect, close, Port,
  17. CVerifyPeerUseEnvVars
  18. from strutils import contains
  19. const
  20. good = "https://google.com/"
  21. suite "SSL certificate check":
  22. test "httpclient with inexistent file":
  23. if existsEnv("SSL_CERT_FILE"):
  24. var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars)
  25. var client = newHttpClient(sslContext=ctx)
  26. checkpoint("Client created")
  27. check client.getContent("https://google.com").contains("doctype")
  28. checkpoint("Google ok")
  29. try:
  30. let a = $client.getContent(good)
  31. echo "Connection should have failed"
  32. fail()
  33. except:
  34. echo getCurrentExceptionMsg()
  35. check getCurrentExceptionMsg().contains("certificate verify failed")
  36. elif existsEnv("SSL_CERT_DIR"):
  37. try:
  38. var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars)
  39. var client = newHttpClient(sslContext=ctx)
  40. echo "Should have raised 'No SSL/TLS CA certificates found.'"
  41. fail()
  42. except:
  43. check getCurrentExceptionMsg() ==
  44. "No SSL/TLS CA certificates found."
  45. test "net socket with inexistent file":
  46. if existsEnv("SSL_CERT_FILE"):
  47. var sock = newSocket()
  48. var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars)
  49. ctx.wrapSocket(sock)
  50. checkpoint("Socket created")
  51. when false: # badssl tests disabled indefinitely
  52. try:
  53. sock.connect("expired.badssl.com", 443.Port)
  54. fail()
  55. except:
  56. sock.close
  57. check getCurrentExceptionMsg().contains("certificate verify failed")
  58. elif existsEnv("SSL_CERT_DIR"):
  59. var sock = newSocket()
  60. checkpoint("Socket created")
  61. try:
  62. var ctx = newContext(verifyMode=CVerifyPeerUseEnvVars) # raises here
  63. fail()
  64. except:
  65. check getCurrentExceptionMsg() ==
  66. "No SSL/TLS CA certificates found."