2026-02-10 00:37:00 +08:00 · 2014-04-01 11:57:30 +02:00
parent bfe4d4e9dc
commit cbb7bb28c9
4 changed files with 31 additions and 4 deletions
							
							
							
						
@@ -1,7 +1,7 @@
EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.config \
	test1.passwd test2.config user-cert.pem user-key.pem test3.config test-iroute.config \
	test1.passwd test-user-cert.config user-cert.pem user-key.pem test3.config test-iroute.config \
	user-config/test test-pass-script.config test-multi-cookie.config test-pam.config \
	test-stress.config
	test-stress.config user-cert-wrong.pem
dist_check_SCRIPTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
	test-multi-cookie test-pam test-stress
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -26,7 +26,7 @@ PORT=4445
echo "Testing local backend with username-password and certificate... "
launch_server -d -f -c test2.config & PID=$!
launch_server -d -f -c test-user-cert.config & PID=$!
wait_server $PID
echo -n "Connecting to obtain cookie (without certificate)... "
							
							
							
								
							
						
@@ -41,6 +41,12 @@ echo -n "Connecting to obtain cookie (with certificate)... "
echo ok
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
( echo "test" | openconnect -q localhost:$PORT --sslkey ./user-key.pem -c ./user-cert-wrong.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
	fail $PID "Should not have connected with wrong certificate!"
echo ok
#echo "Normal connection... "
#( echo "test" | openconnect -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -180,5 +180,5 @@ route = 192.168.1.0/255.255.255.0
# certificate even if they are authenticating via a previously granted
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
#always-require-cert = false
cisco-client-compat = true
							
							
							
						
@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDhTCCAj2gAwIBAgIEUzqMojANBgkqhkiG9w0BAQsFADAnMQ8wDQYDVQQDEwZB
IHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MCIYDzIwMTQwNDAxMDk1MzM5WhgP
OTk5OTEyMzEyMzU5NTlaMCcxDzANBgNVBAMTBkEgdXNlcjEUMBIGCgmSJomT8ixk
AQETBHRlc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCrVJj8qcYV
lZ2mwZSElJF5HnjbLUhRmWUBAsBAUkld63C8Ju9oOR4EkeLby2+TQEUeIo5xWliJ
KHleGjIlPoudOzR/GfjQLze3YjK3U6VDLMVd7Kz5NfoUKzRm8danodCDmlb0GYO8
vxF0MC2oKFuiq3rGzZxc+FHpqQxI23G7sTR39+7eXXjASAo3DWUeOysUA4ly8lLt
XwDFBmDqgCDQQ+xmvNIm2/ApPmr5YiC+WCZEuteMb3amBSDkmLfEcnpd308NI+wu
nHHsMPkUX8h1C6tn9n37TXZkSqXV+rQIUJ0Tx4/CebC0Pi+J0zMnTZ+L02AkB6uy
cj0ppcRK7DwE0kk+JhvsehA9ykVagItNKpZjTy1jKA87R0fKfCwVQTLV4Mm+pVUs
s2tGKlaxG+0pAgMBAAGjVTBTMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUiwEJSzuR7OMhuR3sjWtM
XZ5AgF4wDQYJKoZIhvcNAQELBQADggExAKQPYC2zh0Hjf9KypFNJkkdLJGbpb3cX
vgaCuDo+PHJJqvdlq3Zg1N4u5oVaEd5IzDXWiAMZobr7V/x8adABumfrMf8Y4vvt
PMjAqhGykwrn5vvf+AUMnnIVLPwwy99Nn7JE6Gxw6LHKi1nJ0KXeuZrVSM4DqWe8
0cwjwfwcajwuNJ76J0B8lDlQ0Q6yWi3QyE2Gg8VLaauVownAp0BUELAxDq7VKEXW
owE1eXpL6Yjyim+6UI/i7ruI8KhqSWTz+QAuCZmwhFvNwPFJCSp/aJnDJJyikPhu
KoV0PFu7o6X5TTwldajlzD5IdH6CyTwMAct1HFT66vedEQ4cf/G90epg/lD6IHZU
U9Gio9QQTX5Cdz0VpeYB3cYZ4qP4bHx2nRnWuBrtZYaEw34xeAvGLK4=
-----END CERTIFICATE-----