git » kxd » commit 4e49703

tests: Add test for a server certificate mismatch

author Alberto Bertogli
2014-04-25 00:39:36 UTC
committer Alberto Bertogli
2014-04-25 01:05:56 UTC
parent dde0d38b2ba68c510dc2ed28dd23448e57a317b9
tests: Add test for a server certificate mismatch

This patch adds a test for when the server certificate does not match the one
the client expects.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
tests/run_tests +15 -2 
diff --git a/tests/run_tests b/tests/run_tests
index 8d7a98b..1071f0c 100755
--- a/tests/run_tests
+++ b/tests/run_tests
@@ -163,12 +163,14 @@ class TestCase(unittest.TestCase):
         self.daemon.kill()
 
     # pylint: disable=invalid-name
-    def assertClientFails(self, url, regexp, client=None):
+    def assertClientFails(self, url, regexp, client=None, cert_path=None):
         if client is None:
             client = self.client
+        if cert_path is None:
+            cert_path = self.server.cert_path()
 
         try:
-            client.call(self.server.cert_path(), url)
+            client.call(cert_path, url)
         except subprocess.CalledProcessError as err:
             self.assertRegexpMatches(err.output, regexp)
         else:
@@ -211,6 +213,17 @@ class Simple(TestCase):
         # first.
         self.assertClientFails("kxd://localhost/k1", "403 Forbidden")
 
+    def test_wrong_server(self):
+        self.server.new_key("k1",
+                allowed_clients=[self.client.cert()],
+                allowed_hosts=["localhost"])
+
+        # We tell the client to expect the server certificate to be the client
+        # one, which is never going to work.
+        self.assertClientFails("kxd://localhost/k1",
+                "No server certificate matches",
+                cert_path=self.client.cert_path())
+
 
 class Multiples(TestCase):
     """Tests for multiple clients and keys."""