Test PerfdataWriterConnection TLS connections as localhost

Also add a test case that tests host name verification fails with
a different host name than on the certificate (here "127.0.0.1"
instead of "localhost").

Author: jschmidt-icinga

test/perfdata-perfdatatargetfixture.hpp

@@ -82,7 +82,7 @@ class PerfdataWriterTargetFixture
 	void ResetStream()
 	{
 		if (std::holds_alternative<Shared<AsioTlsStream>::Ptr>(m_Stream)) {
-			m_Stream = Shared<AsioTlsStream>::Make(IoEngine::Get().GetIoContext(), *m_SslContext);
+			m_Stream = Shared<AsioTlsStream>::Make(IoEngine::Get().GetIoContext(), *m_SslContext, "localhost");
 		} else {
 			m_Stream = Shared<AsioTcpStream>::Make(IoEngine::Get().GetIoContext());
 		}

test/perfdata-perfdatawriterconnection.cpp

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
 
 #include "perfdata/perfdatawriterconnection.hpp"
+#include "test/base-testloggerfixture.hpp"
 #include "test/perfdata-perfdatatargetfixture.hpp"
 #include "test/remote-certificate-fixture.hpp"
 #include "test/test-ctest.hpp"
@@ -10,17 +11,21 @@
 
 using namespace icinga;
 
-class TlsPerfdataWriterFixture : public CertificateFixture, public PerfdataWriterTargetFixture
+class TlsPerfdataWriterFixture : public CertificateFixture, public PerfdataWriterTargetFixture, public TestLoggerFixture
 {
 public:
 	TlsPerfdataWriterFixture() : PerfdataWriterTargetFixture(MakeContext("server"))
 	{
 		m_PdwSslContext = MakeContext("client");
 
-		m_Conn = new PerfdataWriterConnection{"Test", "test", "127.0.0.1", std::to_string(GetPort()), m_PdwSslContext};
+		ResetConnection();
 	}
 
 	auto& GetConnection() { return *m_Conn; }
+	void ResetConnection(String host = "localhost")
+	{
+		m_Conn = new PerfdataWriterConnection{"Test", "test", std::move(host), std::to_string(GetPort()), m_PdwSslContext};
+	}
 
 	static inline const std::vector<String> RequiredCerts{"client", "server"};
 
@@ -66,6 +71,34 @@ BOOST_AUTO_TEST_CASE(connection_refused)
 	REQUIRE_JOINS_WITHIN(timeoutThread, 1s);
 }
 
+/* This tests that the connection attempt fails when the host can not be verified correctly.
+ */
+BOOST_AUTO_TEST_CASE(tls_verify_host)
+{
+	/* The certificates are created with CN=localhost, so 127.0.0.1 should still connect
+	 * correctly, but fail the host name verification of the certificate.
+	 */
+	ResetConnection("127.0.0.1");
+
+	std::promise<void> p;
+	TestThread timeoutThread{[&]() {
+		Accept();
+		Handshake();
+		auto f = p.get_future();
+		GetConnection().CancelAfterTimeout(f, 200ms);
+	}};
+
+	BOOST_REQUIRE_EXCEPTION(
+		GetConnection().Send(boost::asio::const_buffer{"foobar", 7}), std::exception, [](const std::exception& ex) {
+			std::cout << "exception raised: " << ex.what() << std::endl;
+			return true;
+		}
+	);
+
+	REQUIRE_JOINS_WITHIN(timeoutThread, 10s);
+	REQUIRE_LOG_MESSAGE("Error while connecting .*?: [hH]ostname mismatch", 10s);
+}
+
 /* The PerfdataWriterConnection connects automatically when sending the first data.
  * In case of http we also need to support disconnecting and reconnecting.
  */