[PATCH] Tests: iPAddress subjectAltName tests

[Maxim Dounin]

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1755186657 -10800
#      Thu Aug 14 18:50:57 2025 +0300
# Node ID 9d83bf92a409a4430af9419845d8bcd5461b9c5f
# Parent  393cb49bff677e001e47141089d0c7df7f5eb6e1
Tests: iPAddress subjectAltName tests.

diff --git a/proxy_ssl_verify.t b/proxy_ssl_verify.t
--- a/proxy_ssl_verify.t
+++ b/proxy_ssl_verify.t
@@ -23,7 +23,7 @@ select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
-	->has_daemon('openssl')->plan(6)
+	->has_daemon('openssl')->plan(10)
 	->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
@@ -81,6 +81,33 @@ http {
             proxy_ssl_trusted_certificate 1.example.com.crt;
             proxy_ssl_session_reuse off;
         }
+
+        location /ip {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
+
+        location /ip/fail {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_name 127.0.0.2;
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
+
+        location /ip6 {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_name [::1];
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
+
+        location /ip6/fail {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_name [::2];
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
     }
 
     server {
@@ -118,7 +145,7 @@ x509_extensions = v3_req
 commonName=no.match.example.com
 
 [ v3_req ]
-subjectAltName = DNS:example.com,DNS:*.example.com
+subjectAltName = DNS:example.com,DNS:*.example.com,IP:127.0.0.1,IP:::1
 EOF
 
 $t->write_file('openssl.2.example.com.conf', <<EOF);
@@ -165,4 +192,17 @@ like(http_get('/cn/fail'), qr/502 Bad/ms
 
 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted');
 
+# subjectAltName iPAddress
+
+TODO: {
+local $TODO = 'not yet' unless $t->has_version('1.29.1');
+
+like(http_get('/ip'), qr/200 OK/ms, 'verify ipv4');
+like(http_get('/ip6'), qr/200 OK/ms, 'verify ipv6');
+
+}
+
+like(http_get('/ip/fail'), qr/502 Bad/ms, 'verify ipv4 fail');
+like(http_get('/ip6/fail'), qr/502 Bad/ms, 'verify ipv6 fail');
+
 ###############################################################################