diff options
author | Lars Wirzenius <liw@liw.fi> | 2021-02-06 09:54:26 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-02-06 10:40:07 +0200 |
commit | 520fc35ce0269df2963a5b53112f614257b08bc6 (patch) | |
tree | 794b7405db1fcd33d5f708b7de697e3bcf403944 /obnam.md | |
parent | b426e6e89e077fce0b74c79c13751cf4db5af75e (diff) | |
download | obnam2-520fc35ce0269df2963a5b53112f614257b08bc6.tar.gz |
feat: client verifies server's TLS certificate by default
Configuration setting can disable it.
Diffstat (limited to 'obnam.md')
-rw-r--r-- | obnam.md | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -998,6 +998,7 @@ then stdout, as JSON, matches file config.json ~~~{#config.yaml .file .yaml .numberLines} root: live server_url: https://backup.example.com +verify_tls_cert: true ~~~ @@ -1018,8 +1019,31 @@ then stderr contains "https:" ~~~{#http.yaml .file .yaml .numberLines} root: live server_url: http://backup.example.com +verify_tls_cert: true ~~~ +## Client refuses a self-signed certificate + +This scenario verifies that the client refuses to connect to a server +if the server's TLS certificate is self-signed. The test server set up +by the scenario uses self-signed certificates. + +~~~scenario +given an installed obnam +and a running chunk server +and a client config based on ca-required.yaml +and a file live/data.dat containing some random data +when I try to run obnam --config ca-required.yaml backup +then command fails +then stderr contains "self signed certificate" +~~~ + +~~~{#ca-required.yaml .file .yaml .numberLines} +verify_tls_cert: true +root: live +~~~ + + # Acceptance criteria for Obnam as a whole The scenarios in this chapter apply to Obnam as a whole: the client @@ -1048,6 +1072,7 @@ then files live.yaml and rest.yaml match ~~~ ~~~{#smoke.yaml .file .yaml .numberLines} +verify_tls_cert: false root: live ~~~ @@ -1062,6 +1087,7 @@ anything. All these scenarios use the following configuration file. ~~~{#metadata.yaml .file .yaml .numberLines} +verify_tls_cert: false root: live ~~~ |