From 17b263c49df682fc45f0e50cceb01db4366ad9a7 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 10 Dec 2020 14:28:29 +0100
Subject: libinterimap: show the matching pinned SPKI in --debug mode.

---
 tests/tls-rsa+ecdsa/t | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'tests/tls-rsa+ecdsa')

diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t
index 29352e9..2adf930 100644
--- a/tests/tls-rsa+ecdsa/t
+++ b/tests/tls-rsa+ecdsa/t
@@ -32,6 +32,9 @@ interimap --debug || error
 grep -Fx -e "remote: Peer certificate fingerprint: sha256\$$X509_SHA256" \
          -e "remote: Peer certificate fingerprint: sha256\$$X509_ALT_SHA256" \
          <"$STDERR" || error
+grep -Fx -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_SHA256" \
+         -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" \
+         <"$STDERR" || error
 
 # force RSA (XXX do we really have to force TLSv1.2 here?)
 cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF
@@ -40,10 +43,12 @@ cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF
 EOF
 interimap --debug || error
 grep -Fx "remote: Peer certificate fingerprint: sha256\$$X509_SHA256" <"$STDERR" || error
+grep -Fx "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_SHA256" <"$STDERR" || error
 
 # force ECDSA
-sed -i "s/^SSL_cipherlist\\s*=.*/SSL_cipherlist = EECDH+AESGCM+aECDSA/" "$XDG_CONFIG_HOME/interimap/config"
+sed -i "s/^SSL_cipherlist\\s*=.*/SSL_cipherlist = EECDH+AESGCM+aECDSA/" -- "$XDG_CONFIG_HOME/interimap/config"
 interimap --debug || error
 grep -Fx "remote: Peer certificate fingerprint: sha256\$$X509_ALT_SHA256" <"$STDERR" || error
+grep -Fx "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" <"$STDERR" || error
 
 # vim: set filetype=sh :
-- 
cgit v1.2.3