[nginx-tests] Tests: iPAddress subjectAltName tests.

[Maxim Dounin]

details:   http://freenginx.org/hg/nginx-tests/rev/1bf186036193
branches:  
changeset: 2021:1bf186036193
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Thu Aug 21 04:46:24 2025 +0300
description:
Tests: iPAddress subjectAltName tests.

diffstat:

 proxy_ssl_verify.t |  44 ++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 42 insertions(+), 2 deletions(-)

diffs (73 lines):

diff --git a/proxy_ssl_verify.t b/proxy_ssl_verify.t
--- a/proxy_ssl_verify.t
+++ b/proxy_ssl_verify.t
@@ -23,7 +23,7 @@ select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
-	->has_daemon('openssl')->plan(6)
+	->has_daemon('openssl')->plan(10)
 	->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
@@ -81,6 +81,33 @@ http {
             proxy_ssl_trusted_certificate 1.example.com.crt;
             proxy_ssl_session_reuse off;
         }
+
+        location /ip {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
+
+        location /ip/fail {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_name 127.0.0.2;
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
+
+        location /ip6 {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_name [::1];
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
+
+        location /ip6/fail {
+            proxy_pass https://127.0.0.1:8081/;
+            proxy_ssl_name [::2];
+            proxy_ssl_verify on;
+            proxy_ssl_trusted_certificate 1.example.com.crt;
+        }
     }
 
     server {
@@ -118,7 +145,7 @@ x509_extensions = v3_req
 commonName=no.match.example.com
 
 [ v3_req ]
-subjectAltName = DNS:example.com,DNS:*.example.com
+subjectAltName = DNS:example.com,DNS:*.example.com,IP:127.0.0.1,IP:::1
 EOF
 
 $t->write_file('openssl.2.example.com.conf', <<EOF);
@@ -165,4 +192,17 @@ like(http_get('/cn/fail'), qr/502 Bad/ms
 
 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted');
 
+# subjectAltName iPAddress
+
+TODO: {
+local $TODO = 'not yet' unless $t->has_version('1.29.1');
+
+like(http_get('/ip'), qr/200 OK/ms, 'verify ipv4');
+like(http_get('/ip6'), qr/200 OK/ms, 'verify ipv6');
+
+}
+
+like(http_get('/ip/fail'), qr/502 Bad/ms, 'verify ipv4 fail');
+like(http_get('/ip6/fail'), qr/502 Bad/ms, 'verify ipv6 fail');
+
 ###############################################################################