tests: Add a test for pinnedpubkey fail even when insecure

Because disabling the peer verification (--insecure) must not disable
the public key pinning check (--pinnedpubkey).

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 4e01bdfcb5460e44954a001f7113ef73a068b9e2..36940621308ca4cedfb105427465f96116ba7f9c 100644 (file)
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -168,4 +168,5 @@ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
 test2016 test2017 test2018 test2019 test2020 test2021 test2022 test2023 \
 test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
 test2032 test2033 test2034 test2035 test2036 test2037 test2038 test2039 \
-test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047
+test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
+test2048

diff --git a/tests/data/test2048 b/tests/data/test2048
new file mode 100644 (file)
index 0000000..eb2b1df
--- /dev/null
+++ b/tests/data/test2048
@@ -0,0 +1,40 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+SSLpinning
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+<name>
+pinnedpubkey no-match must fail even when insecure
+</name>
+<command>
+--insecure --cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost.nn-sv.pub.der https://localhost:%HTTPSPORT/2034
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+90
+</errorcode>
+</verify>
+</testcase>