mirror of
https://github.com/NixOS/nix
synced 2025-07-07 18:31:49 +02:00
fixup! Add a test for builtin:fetchurl cert verification
This commit is contained in:
parent
211c80608f
commit
bdc4e60199
1 changed files with 6 additions and 0 deletions
|
@ -67,6 +67,9 @@ in
|
||||||
out = machine.succeed("curl https://good/index.html")
|
out = machine.succeed("curl https://good/index.html")
|
||||||
assert out == "hello world\n"
|
assert out == "hello world\n"
|
||||||
|
|
||||||
|
out = machine.succeed("cat ${badCert}/cert.pem > /tmp/cafile.pem; curl --cacert /tmp/cafile.pem https://bad/index.html")
|
||||||
|
assert out == "foobar\n"
|
||||||
|
|
||||||
# Fetching from a server with a trusted cert should work.
|
# Fetching from a server with a trusted cert should work.
|
||||||
machine.succeed("nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://good/index.html\"; hash = \"sha256-qUiQTy8PR5uPgZdpSzAYSw0u0cHNKh7A+4XSmaGSpEc=\"; }'")
|
machine.succeed("nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://good/index.html\"; hash = \"sha256-qUiQTy8PR5uPgZdpSzAYSw0u0cHNKh7A+4XSmaGSpEc=\"; }'")
|
||||||
|
|
||||||
|
@ -74,5 +77,8 @@ in
|
||||||
err = machine.fail("nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://bad/index.html\"; hash = \"sha256-rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8=\"; }' 2>&1")
|
err = machine.fail("nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://bad/index.html\"; hash = \"sha256-rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8=\"; }' 2>&1")
|
||||||
print(err)
|
print(err)
|
||||||
assert "SSL certificate problem: self-signed certificate" in err
|
assert "SSL certificate problem: self-signed certificate" in err
|
||||||
|
|
||||||
|
# Fetching from a server with a trusted cert should work via environment variable override.
|
||||||
|
machine.succeed("NIX_SSL_CERT_FILE=/tmp/cafile.pem nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://bad/index.html\"; hash = \"sha256-rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8=\"; }'")
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue