13 files changed, 316 insertions, 8 deletions
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8b89895ca..9a8b64bed 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -222,15 +222,13 @@ test2000 test2001 test2002 test2003 test2004 \
 \
                                                                test2023 \
 test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
-test2032          test2034 test2035 test2036 test2037 test2038 test2039 \
+test2032 test2033 test2034 test2035 test2036 test2037 test2038 test2039 \
 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
 test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
 test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
-test2064 test2065 test2066 test2067 test2068 test2069 \
-test2064 test2065 test2066 test2067 test2068 test2069 test2070 \
-         test2071 test2072 test2073 test2074 test2075 test2076 test2077 \
-test2078 \
-test2080 test2081 test2082 test2083 test2084 test2085 test2086 \
+test2064 test2065 test2066 test2067 test2068 test2069 test2070 test2071 \
+test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 \
+test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 \
 \
 test2100 \
 \
@@ -238,4 +236,5 @@ test2200 test2201 test2202 test2203 test2204 test2205 \
 \
 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 \
 test3008 test3009 test3010 test3011 test3012 test3013 test3014 test3015 \
-test3016 test3017 test3018 test3019 test3020 test3021 test3022
+test3016 test3017 test3018 test3019 test3020 test3021 test3022 test3023 \
+test3024
diff --git a/tests/data/test2033 b/tests/data/test2033
new file mode 100644
index 000000000..0645932a4
--- /dev/null
+++ b/tests/data/test2033
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+MooMoo
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+SSLpinning
+Schannel
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+ <name>
+simple HTTPS GET with DER public key pinning (Schannel variant)
+ </name>
+ <setenv>
+# This test is pointless if we're not using the schannel backend
+CURL_SSL_BACKEND=schannel
+ </setenv>
+ <command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.der --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
+</command>
+# Ensure that we're running on localhost because we're checking the host name
+<precheck>
+perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
+</precheck>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: localhost:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test2034 b/tests/data/test2034
index 3ddd42024..83f984a1d 100644
--- a/tests/data/test2034
+++ b/tests/data/test2034
@@ -26,6 +26,7 @@ MooMoo
 <features>
 SSL
 SSLpinning
+!Schannel
 </features>
 <server>
 https Server-localhost-sv.pem
diff --git a/tests/data/test2037 b/tests/data/test2037
index f43215fef..2b17e5383 100644
--- a/tests/data/test2037
+++ b/tests/data/test2037
@@ -26,6 +26,7 @@ MooMoo
 <features>
 SSL
 SSLpinning
+!Schannel
 </features>
 <server>
 https Server-localhost-sv.pem
diff --git a/tests/data/test2041 b/tests/data/test2041
index e4a2391e8..1958bb7fd 100644
--- a/tests/data/test2041
+++ b/tests/data/test2041
@@ -26,6 +26,7 @@ MooMoo
 <features>
 SSL
 SSLpinning
+!Schannel
 </features>
 <server>
 https Server-localhost-sv.pem
diff --git a/tests/data/test2070 b/tests/data/test2070
index 7258638f7..74cdd7d8c 100644
--- a/tests/data/test2070
+++ b/tests/data/test2070
@@ -24,8 +24,8 @@ MooMoo
 # Client-side
 <client>
 <features>
+SSL
 Schannel
-!MinGW
 </features>
 <server>
 https Server-localhost-sv.pem
diff --git a/tests/data/test2079 b/tests/data/test2079
new file mode 100644
index 000000000..67ffa1656
--- /dev/null
+++ b/tests/data/test2079
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+MooMoo
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+SSLpinning
+Schannel
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+ <name>
+simple HTTPS GET with PEM public key pinning (Schannel variant)
+ </name>
+ <setenv>
+# This test is pointless if we're not using the schannel backend
+CURL_SSL_BACKEND=schannel
+ </setenv>
+ <command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey %SRCDIR/certs/Server-localhost-sv.pub.pem --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
+</command>
+# Ensure that we're running on localhost because we're checking the host name
+<precheck>
+perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
+</precheck>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: localhost:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test2087 b/tests/data/test2087
new file mode 100644
index 000000000..78751ea62
--- /dev/null
+++ b/tests/data/test2087
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+MooMoo
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+SSLpinning
+Schannel
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+ <name>
+simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
+ </name>
+ <setenv>
+# This test is pointless if we're not using the schannel backend
+CURL_SSL_BACKEND=schannel
+ </setenv>
+ <command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//+JYNkp2GTGRgrvZMUkOxbFJQQqYpwNE6toGmBjz00D8= --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
+</command>
+# Ensure that we're running on localhost because we're checking the host name
+<precheck>
+perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
+</precheck>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: localhost:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test3000 b/tests/data/test3000
index db5299e5f..05f4a010e 100644
--- a/tests/data/test3000
+++ b/tests/data/test3000
@@ -25,6 +25,7 @@ MooMoo
 <client>
 <features>
 SSL
+!Schannel
 </features>
 <server>
 https Server-localhost-firstSAN-sv.pem
diff --git a/tests/data/test3001 b/tests/data/test3001
index 534a5cded..3a954324b 100644
--- a/tests/data/test3001
+++ b/tests/data/test3001
@@ -25,6 +25,7 @@ MooMoo
 <client>
 <features>
 SSL
+!Schannel
 </features>
 <server>
 https Server-localhost-lastSAN-sv.pem
diff --git a/tests/data/test3023 b/tests/data/test3023
new file mode 100644
index 000000000..fe43c199f
--- /dev/null
+++ b/tests/data/test3023
@@ -0,0 +1,60 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+MooMoo
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+Schannel
+</features>
+<server>
+https Server-localhost-firstSAN-sv.pem
+</server>
+<name>
+HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant)
+</name>
+<setenv>
+# This test is pointless if we're not using the schannel backend
+CURL_SSL_BACKEND=schannel
+</setenv>
+<command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
+</command>
+# Ensure that we're running on localhost because we're checking the host name
+<precheck>
+perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
+</precheck>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: localhost:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test3024 b/tests/data/test3024
new file mode 100644
index 000000000..55b26788e
--- /dev/null
+++ b/tests/data/test3024
@@ -0,0 +1,60 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+PEM certificate
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+MooMoo
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+Schannel
+</features>
+<server>
+https Server-localhost-lastSAN-sv.pem
+</server>
+<name>
+HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant)
+</name>
+<setenv>
+# This test is pointless if we're not using the schannel backend
+CURL_SSL_BACKEND=schannel
+</setenv>
+<command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
+</command>
+# Ensure that we're running on localhost because we're checking the host name
+<precheck>
+perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
+</precheck>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: localhost:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test310 b/tests/data/test310
index c31085b87..6b6f63a66 100644
--- a/tests/data/test310
+++ b/tests/data/test310
@@ -25,6 +25,7 @@ MooMoo
 <client>
 <features>
 SSL
+!Schannel
 </features>
 <server>
 https Server-localhost-sv.pem