tests: use '-4' where needed

Our test servers run either on ipv4 *or* on ipv6, as requested.
A test case using 'localhost' or '*.local' in the url needs to
run with the specific vers

tests: use '-4' where needed

Our test servers run either on ipv4 *or* on ipv6, as requested.
A test case using 'localhost' or '*.local' in the url needs to
run with the specific version of the server started.

Otherwise, curl's "happy eyeball"ing will connect to another
server that may be running due to parallel testing or for some
other reasons.

Note that port reuse here depends on the OS strategy and it
seems netbsd is especially likely to hit this.

Closes #15060

show more ...

tests: make precheck for HTTP on 127.0.0.1 into a feature

It can now be required easily in <features> instead of having perl code
in a <precheck>.

Closes #15039

GHA/macos: enable HTTPS tests with stunnel

- Install stunnel.

- Regenerate certificates (as SecureTransport requires a validity period
less than 398 days).

- Restart

GHA/macos: enable HTTPS tests with stunnel

- Install stunnel.

- Regenerate certificates (as SecureTransport requires a validity period
less than 398 days).

- Restart server if it is unresponsive.

- Do not hardcode the SHA-256 base64 public pinned key.

- Ignore test 313 as SecureTransport does not support crl file.

- Ignore tests 1631 and 1632 as SecureTransport is not yet able to shut
down FTP over HTTPS gracefully.

- Add a CMake target for generating certificates.

Closes #14486

show more ...

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so
widespread in testcases is probably that they have been copy and pasted.

Hence, fixing them all now might curb this practice from now on.

Closes #12028

show more ...

tests: avoid use of sha1 in certificates

The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RH

tests: avoid use of sha1 in certificates

The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.

Fixes #10135

This gets rid of issues related to sha1 signatures.

Manual steps after "make clean-certs" and "make build-certs":

- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)

- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087

Closes #10153

show more ...

tests: add authorityInfoAccess to generated certs

Generate stunnel.pem as well

Closes #9980

tests: add Schannel-specific tests and disable unsupported ones

Adds Schannel variants of SSLpinning tests that include the option
--ssl-revoke-best-effort to ignore certificate revocati

tests: add Schannel-specific tests and disable unsupported ones

Adds Schannel variants of SSLpinning tests that include the option
--ssl-revoke-best-effort to ignore certificate revocation check
failures which is required due to our custom test CA certificate.

Disable the original variants if the Schannel backend is enabled.

Also skip all IDN tests which are broken while using an msys shell.

This is a step to simplify test exclusions for Windows and MinGW.

Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #7968

show more ...

tests: use %TESTNUMBER instead of fixed number

This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers matches the date

test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)

Gets the test working with external proxies like Privoxy again.

Closes #6463

show more ...

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Close

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Closes #6037

show more ...

certs: generate tests certs with sha256 digest algorithm

As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

certs: generate tests certs with sha256 digest algorithm

As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

Closes #3014

show more ...

tests/certs: rebuild certs with 2048-bit RSA keys

The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become

tests/certs: rebuild certs with 2048-bit RSA keys

The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.

Better use full 2048 also for testing.

Closes #2973

show more ...

test2041: fixed line endings in protocol part

SSL: Pinned public key hash support