src/verify.c: Better handle a missing proxy certificate.

[tlsproxy/tlsproxy.git] / tests / tests-passthrough.sh

diff --git a/tests/tests-passthrough.sh b/tests/tests-passthrough.sh
index 0407d411c9e41852a1360b7e93cac74cf02ca03a..a25d9236a9464d04ebb10f1131fdf4c33408a892 100755 (executable)
--- a/tests/tests-passthrough.sh
+++ b/tests/tests-passthrough.sh
@@ -56,6 +56,15 @@ mv .pem certificate-localhost-server.pem
 test_proxy_successful
 test_invalid_certificate
 
+echo missing proxy certificate
+mv certificate-localhost-proxy.pem .pem
+# "invalid" to prevent user error if the proxy certificate gets deleted (but
+# the server certificate is still readable).
+client localhost 4712 invalid || abort
+mv .pem certificate-localhost-proxy.pem
+test_proxy_successful
+test_invalid_certificate
+
 echo normal connection
 # 'localhost' is the CN of tlsproxy's certificate.
 client localhost 4712 localhost || abort
@@ -93,6 +102,15 @@ mv .pem certificate-localhost-server.pem
 test_proxy_successful
 test_invalid_certificate
 
+echo mitm missing proxy certificate
+mv certificate-localhost-proxy.pem .pem
+# "invalid" to prevent user error if the proxy certificate gets deleted (but
+# the server certificate is still readable).
+client localhost 4712 invalid || abort
+mv .pem certificate-localhost-proxy.pem
+test_proxy_successful
+test_invalid_certificate
+
 echo mitm normal connection
 client localhost 4712 invalid || abort
 test_proxy_successful