tests/data/test1922 - third_party/curl - Git at Google

 <?xml version="1.0" encoding="US-ASCII"?>
 <testcase>
 <info>
 <keywords>
 HTTP
 HTTP proxy
 HSTS
 curl_easy_duphandle
 </keywords>
 </info>

 <reply>
 <!-- Response to the original handle's direct HTTP request.
      Strict-Transport-Security header populates the live HSTS cache. -->
 <data nocheck="yes" crlf="headers">
 HTTP/1.1 200 OK
 Date: Tue, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake
 Content-Type: text/plain
 Content-Length: 5
 Strict-Transport-Security: max-age=31536000

 Hello
 </data>

 <!-- Response to the dup handle's proxy CONNECT attempt.
      The CONNECT to port 443 proves the copied
      HSTS cache upgraded the dup's HTTP URL to HTTPS. -->
 <connect crlf="headers">
 HTTP/1.1 403 Forbidden
 Content-Length: 0
 Connection: close

 </connect>
 </reply>

 <client>
 <features>
 HSTS
 https
 Debug
 proxy
 </features>
 <server>
 http
 http-proxy
 </server>
 <setenv>
 CURL_HSTS_HTTP=yes
 </setenv>
 <name>
 curl_easy_duphandle copies HSTS cache, auto upgrading HTTP to HTTPS.
 </name>
 <tool>
 lib%TESTNUMBER
 </tool>
 <command>
 - %HOSTIP %HTTPPORT %PROXYPORT
 </command>
 </client>

 <verify>
 # First request: original handle GETs from the http server; the response
 # carries Strict-Transport-Security, populating the live HSTS cache that
 # the dup inherits.
 <protocol crlf="headers">
 GET /%TESTNUMBER HTTP/1.1
 Host: hsts.example.com:%HTTPPORT
 Accept: */*

 </protocol>
 # Second request: dup handle upgraded HTTP to HTTPS by copied HSTS cache,
 # proxy receives CONNECT to port 443 proving the upgrade happened
 <proxy crlf="headers">
 CONNECT hsts.example.com:443 HTTP/1.1
 Host: hsts.example.com:443
 Proxy-Connection: Keep-Alive

 </proxy>
 <stdout>
 First request: HSTS cache populated
 Dup effective URL: https://hsts.example.com/%TESTNUMBER
 </stdout>
 # CURLE_COULDNT_CONNECT (7) is intentional: The proxy rejects the CONNECT
 # to port 443, collapsing the tunnel. All that is being validated is the
 # CONNECT to port 443 itself.
 <errorcode>
 7
 </errorcode>
 </verify>
 </testcase>
	<?xml version="1.0" encoding="US-ASCII"?>
	<testcase>
	<info>
	<keywords>
	HTTP
	HTTP proxy
	HSTS
	curl_easy_duphandle
	</keywords>
	</info>

	<reply>
	<!-- Response to the original handle's direct HTTP request.
	Strict-Transport-Security header populates the live HSTS cache. -->
	<data nocheck="yes" crlf="headers">
	HTTP/1.1 200 OK
	Date: Tue, 09 Nov 2010 14:49:00 GMT
	Server: test-server/fake
	Content-Type: text/plain
	Content-Length: 5
	Strict-Transport-Security: max-age=31536000

	Hello
	</data>

	<!-- Response to the dup handle's proxy CONNECT attempt.
	The CONNECT to port 443 proves the copied
	HSTS cache upgraded the dup's HTTP URL to HTTPS. -->
	<connect crlf="headers">
	HTTP/1.1 403 Forbidden
	Content-Length: 0
	Connection: close

	</connect>
	</reply>

	<client>
	<features>
	HSTS
	https
	Debug
	proxy
	</features>
	<server>
	http
	http-proxy
	</server>
	<setenv>
	CURL_HSTS_HTTP=yes
	</setenv>
	<name>
	curl_easy_duphandle copies HSTS cache, auto upgrading HTTP to HTTPS.
	</name>
	<tool>
	lib%TESTNUMBER
	</tool>
	<command>
	- %HOSTIP %HTTPPORT %PROXYPORT
	</command>
	</client>

	<verify>
	# First request: original handle GETs from the http server; the response
	# carries Strict-Transport-Security, populating the live HSTS cache that
	# the dup inherits.
	<protocol crlf="headers">
	GET /%TESTNUMBER HTTP/1.1
	Host: hsts.example.com:%HTTPPORT
	Accept: /

	</protocol>
	# Second request: dup handle upgraded HTTP to HTTPS by copied HSTS cache,
	# proxy receives CONNECT to port 443 proving the upgrade happened
	<proxy crlf="headers">
	CONNECT hsts.example.com:443 HTTP/1.1
	Host: hsts.example.com:443
	Proxy-Connection: Keep-Alive

	</proxy>
	<stdout>
	First request: HSTS cache populated
	Dup effective URL: https://hsts.example.com/%TESTNUMBER
	</stdout>
	# CURLE_COULDNT_CONNECT (7) is intentional: The proxy rejects the CONNECT
	# to port 443, collapsing the tunnel. All that is being validated is the
	# CONNECT to port 443 itself.
	<errorcode>
	7
	</errorcode>
	</verify>
	</testcase>