Add a test for the previous change

yhirose
2026-03-12 22:57:11 -04:00
parent 125272f34b
commit 188035fb6d
3 changed files with 51 additions and 0 deletions


@@ -15,6 +15,7 @@ acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443 acl SSL_ports port 443
acl SSL_ports port 1025-65535
acl Safe_ports port 80 # http acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https acl Safe_ports port 443 # https
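Review bot: The added `acl SSL_ports port 1025-65535` line has no comment, and it widens the set of ports this proxy configuration treats as SSL ports to every unprivileged port. If the rest of the file restricts CONNECT to `SSL_ports` (that rule is not visible in this hunk), the restriction now only covers ports below 1025 other than 443. The line should say it is a test-fixture allowance that must not be copied into a real proxy, for example `acl SSL_ports port 1025-65535 # test only: CONNECT to ephemeral-port test servers`. The same applies to the identical hunk in the second changed file.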


@@ -15,6 +15,7 @@ acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443 acl SSL_ports port 443
acl SSL_ports port 1025-65535
acl Safe_ports port 80 # http acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https acl Safe_ports port 443 # https


@@ -109,6 +109,55 @@ TEST(RedirectTest, YouTubeSSLDigest) {
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
#ifdef CPPHTTPLIB_SSL_ENABLED
TEST(RedirectTest, TLSVerificationOnProxyRedirect) {
// Untrusted HTTPS server with self-signed cert
SSLServer untrusted_svr("cert.pem", "key.pem");
untrusted_svr.Get("/", [](const Request &, Response &res) {
res.set_content("MITM'd", "text/plain");
});
auto untrusted_port = untrusted_svr.bind_to_any_port("0.0.0.0");
auto t1 = thread([&]() { untrusted_svr.listen_after_bind(); });
auto se1 = detail::scope_exit([&] {
untrusted_svr.stop();
t1.join();
});
// HTTP server that redirects to the untrusted HTTPS server
// Use host.docker.internal so the proxy container can reach the host
Server redirect_svr;
redirect_svr.Get("/", [&](const Request &, Response &res) {
res.set_redirect(
"https://host.docker.internal:" + to_string(untrusted_port) + "/");
});
auto redirect_port = redirect_svr.bind_to_any_port("0.0.0.0");
auto t2 = thread([&]() { redirect_svr.listen_after_bind(); });
auto se2 = detail::scope_exit([&] {
redirect_svr.stop();
t2.join();
});
// Wait until servers are up
untrusted_svr.wait_until_ready();
redirect_svr.wait_until_ready();
// Client with proxy + follow_location, verification ON (default)
Client cli("host.docker.internal", redirect_port);
cli.set_proxy("localhost", 3128);
cli.set_proxy_basic_auth("hello", "world");
cli.set_follow_location(true);
auto res = cli.Get("/");
// Self-signed cert must be rejected
ASSERT_TRUE(res == nullptr);
}
#endif
// ----------------------------------------------------------------------------
template <typename T> void BaseAuthTestFromHTTPWatch(T &cli) { template <typename T> void BaseAuthTestFromHTTPWatch(T &cli) {
cli.set_proxy("localhost", 3128); cli.set_proxy("localhost", 3128);
cli.set_proxy_basic_auth("hello", "world"); cli.set_proxy_basic_auth("hello", "world");
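Review bot: `ASSERT_TRUE(res == nullptr)` at the end of `TLSVerificationOnProxyRedirect` passes on any failure (proxy container not running, `host.docker.internal` not resolving, proxy auth rejected, a failed bind), so the test can go green without certificate verification ever being exercised. Pin the failure reason as well, for example `ASSERT_FALSE(res);` followed by `EXPECT_EQ(Error::SSLServerVerification, res.error());` (assuming the redirect path propagates that error), and check the bind results with `ASSERT_GT(untrusted_port, 0);`. Both servers bind to `0.0.0.0`, and the existing comment only explains the redirect target; a short comment noting that the listeners are reachable on all interfaces for the duration of the test would help readers who reuse this fixture.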