From daf32ac2a72cbdd2242a6a11886c46bc853ddeb7 Mon Sep 17 00:00:00 2001
From: letty
Date: Thu, 12 Apr 2018 12:01:00 +0800
Subject: [PATCH] test: add tls test

Signed-off-by: letty
---
hack/make.sh | 3 +++
test/daemon/daemon.go | 17 ++++++++++++--
test/tls/a_client/a_client.csr | 17 ++++++++++++++
test/tls/a_client/ca.pem | 22 +++++++++++++++++
test/tls/a_client/ca_wrong.pem | 22 +++++++++++++++++
test/tls/a_client/cert.pem | 21 +++++++++++++++++
test/tls/a_client/key.pem | 27 +++++++++++++++++++++
test/tls/ca-key.pem | 28 ++++++++++++++++++++++
test/tls/ca.pem | 22 +++++++++++++++++
test/tls/ca.srl | 1 +
test/tls/extfile.out | 1 +
test/tls/generate_tls.sh | 35 +++++++++++++++++++++++++++
test/tls/server/ca.pem | 22 +++++++++++++++++
test/tls/server/cert.pem | 21 +++++++++++++++++
test/tls/server/key.pem | 27 +++++++++++++++++++++
test/tls/server/server.csr | 17 ++++++++++++++
test/utils.go | 34 +++++++++++++++++++++++++++
test/z_cli_daemon_test.go | 43 ++++++++++++++++++++++++++++++++++
18 files changed, 378 insertions(+), 2 deletions(-)
create mode 100644 test/tls/a_client/a_client.csr
create mode 100644 test/tls/a_client/ca.pem
create mode 100644 test/tls/a_client/ca_wrong.pem
create mode 100644 test/tls/a_client/cert.pem
create mode 100644 test/tls/a_client/key.pem
create mode 100644 test/tls/ca-key.pem
create mode 100644 test/tls/ca.pem
create mode 100644 test/tls/ca.srl
create mode 100644 test/tls/extfile.out
create mode 100644 test/tls/generate_tls.sh
create mode 100644 test/tls/server/ca.pem
create mode 100644 test/tls/server/cert.pem
create mode 100644 test/tls/server/key.pem
create mode 100644 test/tls/server/server.csr
diff --git a/hack/make.sh b/hack/make.sh
index 0065e7553..766e2f286 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -124,6 +124,9 @@ function target() echo "verify pouch version" pouch version + # copy tls file + cp -rf $DIR/test/tls /tmp/ + # If test is failed, print pouch daemon log. $DIR/test/integration-test -test.v -check.v || { echo "pouch daemon log:"; cat $TMP/log; return 1; } ;; diff --git a/test/daemon/daemon.go b/test/daemon/daemon.go index 51876f677..de22320a2 100644 --- a/test/daemon/daemon.go +++ b/test/daemon/daemon.go @@ -98,21 +98,34 @@ func (d *Config) NewArgs(args ...string) { // IsDaemonUp checks if the pouchd is launched. func (d *Config) IsDaemonUp() bool { // if pouchd is started with -l option, use the first listen address + var sock string + for _, v := range d.Args { if strings.Contains(v, "-l") || strings.Contains(v, "--listen") { if strings.Contains(v, "--listen-cri") { continue } - var sock string if strings.Contains(v, "=") { sock = strings.Split(v, "=")[1] + break } else { sock = strings.Fields(v)[1] + break } - return command.PouchRun("--host", sock, "version").ExitCode == 0 } } + for _, v := range d.Args { + if strings.Contains(v, "--tlsverify") { + // TODO: need to verify server with TLS + return true + } + } + + if len(sock) != 0 { + return command.PouchRun("--host", sock, "version").ExitCode == 0 + } + return command.PouchRun("version").ExitCode == 0 } diff --git a/test/tls/a_client/a_client.csr b/test/tls/a_client/a_client.csr new file mode 100644 index 000000000..626601065 --- /dev/null +++ b/test/tls/a_client/a_client.csr 
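Review bot: The added `cp -rf $DIR/test/tls /tmp/` places the test CA key and both private keys at a fixed, predictable path in the shared /tmp directory, and leaves `$DIR` unquoted. If /tmp/tls already exists (a stale run, or a directory created by another local user), the copy merges into it and the tests may pick up files that did not come from this checkout. Consider clearing and quoting, `rm -rf /tmp/tls && cp -r "$DIR/test/tls" /tmp/`, or better a `mktemp -d` directory whose path is handed to the tests; the constants added in test/utils.go hard-code /tmp/tls and would have to change with it. The enclosing target() function starts and ends outside this hunk.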
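Review bot: In IsDaemonUp the new `--tlsverify` branch returns true without probing anything, so a daemon that failed to start or is not yet listening is reported as up. Whatever waits on this function (presumably StartDaemon, which is not in this hunk) then proceeds at once, and the first TLS client call in the new test can race with daemon start-up. Until the TODO is resolved, a cheap liveness check such as dialing the listen address held in `sock` would be safer than an unconditional `return true`. Separately, `break` is repeated in both arms of `if strings.Contains(v, "=")`; a single `break` after the if/else reads more clearly, and `strings.Fields(v)[1]` will panic on an argument that has no second field.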
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZUppYW5nMREw +DwYDVQQHDAhIYW5nWmhvdTEQMA4GA1UECgwHQ29tcGFueTETMBEGA1UECwwKRGVw +YXJ0bWVudDERMA8GA1UEAwwIYV9jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDEkYXb/IIFM5IoOUEoEEoh9xV521IoMTX/ofCT0vvWlobjnrda +8wWgwmdHgtupaaqyBuCB5yg8mgktWPxil2bJL1Oc+hoMFhlh1k8kULPjNvbM2H19 +8ItmQ8NbrKjTX2BurYdhwk+fo1Er9UC/cKCxaSk0H2LyUpEJm1gj8AFoVNCc7ibr +H8RdCrRcmmVWrQ6FJskZZWNX/cnqXYH5ageobLuAG2rJt+A33hjP4FSXSOg6hJ+H +RMtCSuff/K804aj6396H17oW44PolUvDYjeHaBful7WFUrhiIJ9s5o5g4g6hTmD6 +yD9XXw41sd08wHDhnlHMfZ4t2hbD9FGJvnN9AgMBAAGgADANBgkqhkiG9w0BAQsF +AAOCAQEAsiY2gR/z83bALY9vR3dUB8x7J+PRRa10Da5pAVTgyQ/NZUsHmVSZpQdy +sXQoLmHo56dS8cc95RWKfdqpy6GakE3XHQQqDduvJspTwcT6MOhcedbL/PsFgBxq +jifzCM+cM7O4GdFFEucAXn7+HI3GzRs16gZWArXOwPZ7WMWfPMNPxVc5vpFlNfb2 +vrOyCZAJyDJGm/yG+sJKsnSnHin9qlwp88P/vpfGxA0gjJLQRbtfba0uE3P6ogdL +YKpAG2mfooFgJEjAicHFd4DPBZITnS6SUaSs/REra/n1tZse8ENtlA65aGf1I220 +gm5Nzc8vUzv0vp/1jGLbVXWTh7FsJA== +-----END CERTIFICATE REQUEST----- diff --git a/test/tls/a_client/ca.pem b/test/tls/a_client/ca.pem new file mode 100644 index 000000000..81efaf957 --- /dev/null +++ b/test/tls/a_client/ca.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIJAIOPKoV6AtEZMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkNOMREwDwYDVQQIDAhaaGVKaWFuZzERMA8GA1UEBwwISGFuZ1pob3UxEDAO +BgNVBAoMB0NvbXBhbnkxEzARBgNVBAsMCkRlcGFydG1lbnQxEzARBgNVBAMMCnBv +dWNoX3Rlc3QwHhcNMTgwNDEyMDMwNzMzWhcNMjgwNDA5MDMwNzMzWjBvMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIWmhlSmlhbmcxETAPBgNVBAcMCEhhbmdaaG91MRAw +DgYDVQQKDAdDb21wYW55MRMwEQYDVQQLDApEZXBhcnRtZW50MRMwEQYDVQQDDApw +b3VjaF90ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vFsyZ5v +GjlY1gwBw9EjxQauhV4tyt7Y2llwrHdl3eAB4osajJoeFTbxalE041njgPaHQlvW +Swssi4MdAqapw5pvJWW5qQ6aFNEJ4/uwjbyBsdj0yvFT1j5UwYKQAyuOMPHgznZf +596Gkf4FqOP/YAkrPC5ksplX5xUe7WG7VzB7/GfbKB6O+ci+vd1yYL6WbCDYlCCg +j1X9QFL+hzVxioKshAfCH56UNmgkW71t4qfORx8/aXIv4U+Hn6wfMAi8ohXACEYF +QZpd2YwQ06N0DjFR2NpOOEhxTxyERqsHhmilpkuf5ss/iTDwU+Xm3lZpRiCHqYKX +mjBsPLQiMJf1WQIDAQABo1AwTjAdBgNVHQ4EFgQUHNPvEoIsU0YvxHIJgZUmj0o8 +B18wHwYDVR0jBBgwFoAUHNPvEoIsU0YvxHIJgZUmj0o8B18wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVzctFUQsOCxTDFNIssLLVbReky1UG9Bpmwbp +BIIjjgXl5O7+9FU1YvhgfYLqvO4tAGzcYlvC/Mjauk30JOqXmMFNlPY+A3I5xXwD +1G2uCGTBBE+BVr53WvAnmdFXndE5hT6lWrClxDc9meD4GbE0zg6nEA+yFDBcP0Nf +yArO8Dz7fRl5jTjE8WdC0sWJTJFRaMDWLH+Ox2nSEzbQilhUV6hCr2U7KzZQwKeg +cTenz2x6m0z/R9yFdaQ7DU7lWYxNuA5IqhQrCzaZM+JbWyZwo6Lb9xfxCPPFa6Nq +1ft3VZMF/E51nWohbxwIucXNlpXLGVI9cSbEt2fiB8MKYogw6Q== +-----END CERTIFICATE----- diff --git a/test/tls/a_client/ca_wrong.pem b/test/tls/a_client/ca_wrong.pem new file mode 100644 index 000000000..d00f25a13 --- /dev/null +++ b/test/tls/a_client/ca_wrong.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIJAIOPKoV6AtEZMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkNOMREwDwYDVQQIDAhaaGVKaWFuZzERMA8GA1UEBwwISGFuZ1pob3UxEDAO +AgNVBAoMB0NvbXBhbnkxEzARBgNVBAsMCkRlcGFydG1lbnQxEzARBgNVBAMMCnBv +dWNoX3Rlc3QwHhcNMTgwNDEyMDMwNzMzWhcNMjgwNDA5MDMwNzMzWjBvMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIWmhlSmlhbmcxETAPBgNVBAcMCEhhbmdaaG91MRAw +DgYDVQQKDAdDb21wYW55MRMwEQYDVQQLDApEZXBhcnRtZW50MRMwEQYDVQQDDApw +b3VjaF90ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vFsyZ5v +GjlY1gwBw9EjxQauhV4tyt7Y2llwrHdl3eAB4osajJoeFTbxalE041njgPaHQlvW +Swssi4MdAqapw5pvJWW5qQ6aFNEJ4/uwjbyBsdj0yvFT1j5UwYKQAyuOMPHgznZf +596Gkf4FqOP/YAkrPC5ksplX5xUe7WG7VzB7/GfbKB6O+ci+vd1yYL6WbCDYlCCg +j1X9QFL+hzVxioKshAfCH56UNmgkW71t4qfORx8/aXIv4U+Hn6wfMAi8ohXACEYF +QZpd2YwQ06N0DjFR2NpOOEhxTxyERqsHhmilpkuf5ss/iTDwU+Xm3lZpRiCHqYKX +mjBsPLQiMJf1WQIDAQABo1AwTjAdBgNVHQ4EFgQUHNPvEoIsU0YvxHIJgZUmj0o8 +B18wHwYDVR0jBBgwFoAUHNPvEoIsU0YvxHIJgZUmj0o8B18wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVzctFUQsOCxTDFNIssLLVbReky1UG9Bpmwbp +BIIjjgXl5O7+9FU1YvhgfYLqvO4tAGzcYlvC/Mjauk30JOqXmMFNlPY+A3I5xXwD +1G2uCGTBBE+BVr53WvAnmdFXndE5hT6lWrClxDc9meD4GbE0zg6nEA+yFDBcP0Nf +yArO8Dz7fRl5jTjE8WdC0sWJTJFRaMDWLH+Ox2nSEzbQilhUV6hCr2U7KzZQwKeg +cTenz2x6m0z/R9yFdaQ7DU7lWYxNuA5IqhQrCzaZM+JbWyZwo6Lb9xfxCPPFa6Nq +1ft3VZMF/E51nWohbxwIucXNlpXLGVI9cSbEt2fiB8MKYogw6Q== +-----END CERTIFICATE----- diff --git a/test/tls/a_client/cert.pem b/test/tls/a_client/cert.pem new file mode 100644 index 000000000..0d21bcec3 --- /dev/null +++ b/test/tls/a_client/cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIJANZKqBIM6AuaMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkNOMREwDwYDVQQIDAhaaGVKaWFuZzERMA8GA1UEBwwISGFuZ1pob3UxEDAO +BgNVBAoMB0NvbXBhbnkxEzARBgNVBAsMCkRlcGFydG1lbnQxEzARBgNVBAMMCnBv +dWNoX3Rlc3QwHhcNMTgwNDEyMDMwNzM0WhcNMjgwNDA5MDMwNzM0WjBtMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIWmhlSmlhbmcxETAPBgNVBAcMCEhhbmdaaG91MRAw +DgYDVQQKDAdDb21wYW55MRMwEQYDVQQLDApEZXBhcnRtZW50MREwDwYDVQQDDAhh +X2NsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSRhdv8ggUz +kig5QSgQSiH3FXnbUigxNf+h8JPS+9aWhuOet1rzBaDCZ0eC26lpqrIG4IHnKDya +CS1Y/GKXZskvU5z6GgwWGWHWTyRQs+M29szYfX3wi2ZDw1usqNNfYG6th2HCT5+j +USv1QL9woLFpKTQfYvJSkQmbWCPwAWhU0JzuJusfxF0KtFyaZVatDoUmyRllY1f9 +yepdgflqB6hsu4Abasm34DfeGM/gVJdI6DqEn4dEy0JK59/8rzThqPrf3ofXuhbj +g+iVS8NiN4doF+6XtYVSuGIgn2zmjmDiDqFOYPrIP1dfDjWx3TzAcOGeUcx9ni3a +FsP0UYm+c30CAwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcN +AQELBQADggEBAN/vf3BgMrnlXqh0SpkPHWG0QVtLYmWhh4ZxlrfI1DZISdCCwKTD +YdIKT8lmKojJ9fJ1spy9O1QbaHSprGfoufKNuFCcPkc0nLy9oNPUHrLQulMgntF5 +z6bNDXHwTCUdiDZ6rYsu3hgSI4Ch7m9ttMbpgFV66MlHsPXpAROaoZu9YtvQ7quV +YZjq81xsnv2XiPTQL3FmqNpjLle+xmRn1wzAcnDGataVvOIjmjAwY+eR0+X5J5e1 +K0lqlHrwb4G71UYLnAGwmmj8Top5j/skhA1Hu5Tm/sF7pkg8Lo2xYlkuU7+EY8oT +fC1hDDXvNc4htMgCzJlNJqwzUox5wCVrPxc= +-----END CERTIFICATE----- diff --git a/test/tls/a_client/key.pem b/test/tls/a_client/key.pem new file mode 100644 index 000000000..0ca67e047 --- /dev/null +++ b/test/tls/a_client/key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxJGF2/yCBTOSKDlBKBBKIfcVedtSKDE1/6Hwk9L71paG4563 +WvMFoMJnR4LbqWmqsgbggecoPJoJLVj8YpdmyS9TnPoaDBYZYdZPJFCz4zb2zNh9 +ffCLZkPDW6yo019gbq2HYcJPn6NRK/VAv3CgsWkpNB9i8lKRCZtYI/ABaFTQnO4m +6x/EXQq0XJplVq0OhSbJGWVjV/3J6l2B+WoHqGy7gBtqybfgN94Yz+BUl0joOoSf +h0TLQkrn3/yvNOGo+t/eh9e6FuOD6JVLw2I3h2gX7pe1hVK4YiCfbOaOYOIOoU5g ++sg/V18ONbHdPMBw4Z5RzH2eLdoWw/RRib5zfQIDAQABAoIBAB6h4u9eUVDIMZ2t +FndM2pCidalQwWPcD2Mv9FLFDVPqj0jHgiFdP+JGiVu+i8bB3cTyh2gXAtE22/lC +Jcqjd3QguPH8k7SQeRIjGKA7J11gQmO31Q6cPs0IAFi39nNCKL/2sONOKaRiChNE +m/t5bMFY9v/VaFEFBu8tUzX+f+mnEBS8ZJqtfUir79AmyKH+HQNGYs+V0gTOJbHv +gY0jHHKSOG1X5X1n/IdmCzunVkjjl13/2aWxuDATqYVC/S1HNVJM8zyZ8y4lgEYp +zHO3+4OczSMqFgtJDpVrZRVZdODyz6sNKDLcSC5tTXdz8mfIN2AW134cFBFN03FD +iQ5wp8ECgYEA4PSJxNBKj3v/4TYnXAFKgBcg0SQLUM0XFipQxc6pLv33uLNvfo2f +945SsNGvzlhRRPXXKLLZlVEJ5i3He2Wcu8G35QuUvwODux8b9wntQgItUk9OOR5I +iElYPb/aRv0ac6sPbACRewdJgYxhWiV6BXzRbwWZltYvb6oaZdGC0y0CgYEA37Ib +G0QqGzuAEmPFaLczAX+cFlbX1sTzOP/c6/obxX+NYA5pbTeepAWMPh11LpWMeUr2 +t1YTlSYFlcNwxgNye1XTMAPwkaUxDPM7c9GI1KTUe8dDCeqViJfeTUDmOQqz3OOg +TrBBxRJ1p9BoQNKtvO0USNjmITnkCQ6Y3cIqk5ECgYEAub7xawOaLTP0Kp+ujDe8 +rltqi4Y5mbRe1byHCW4FIHov6+CttU93wM9R1BKwGa+vG0PrLv3Oz44koF04k9lp +O1dPYt7XKYnbYczkKG2X7KMjjQ1Sx7MLrQzywboCoA8pokyi5Ujq1y1DMqcZU3gS +cymHPSbglT2x2YAZX+1JGtkCgYBv4VqhVoRgvm+dwvzXFNmT5Eki+yhUqIild4L9 +G0iMjPEem9aq42iazJOJ9Z3IQM/TUmT26Tw+GpgsgWWEA/FcMl6/4xiNH7vaqESR +9rii8hW8Grsy2HsVqC9tIAqFeQ7gaZCiCpG6iTMDTb72vOhcV48PqDvhXlzpEr3u +G9DDoQKBgEAgjanLDiC1wTsky6ziPenMSpy1EVNRsdYs/6O8jUdAUbzBGbB16t7n +bR34HcZjOTsLxL+/ih+1NlxrMt5NHq6elBYB9J2HRwVEJDwuFEGWpgUY4FEZLV69 +2DLlM1Xs5WfjkHRKJMg+Zw1PsPI2NfGUO1QOS71+vt1T3981BG9J +-----END RSA PRIVATE KEY----- diff --git a/test/tls/ca-key.pem b/test/tls/ca-key.pem new file mode 100644 index 000000000..0515ae327 --- /dev/null +++ b/test/tls/ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDy8WzJnm8aOVjW +DAHD0SPFBq6FXi3K3tjaWXCsd2Xd4AHiixqMmh4VNvFqUTTjWeOA9odCW9ZLCyyL +gx0CpqnDmm8lZbmpDpoU0Qnj+7CNvIGx2PTK8VPWPlTBgpADK44w8eDOdl/n3oaR +/gWo4/9gCSs8LmSymVfnFR7tYbtXMHv8Z9soHo75yL693XJgvpZsINiUIKCPVf1A +Uv6HNXGKgqyEB8IfnpQ2aCRbvW3ip85HHz9pci/hT4efrB8wCLyiFcAIRgVBml3Z +jBDTo3QOMVHY2k44SHFPHIRGqweGaKWmS5/myz+JMPBT5ebeVmlGIIepgpeaMGw8 +tCIwl/VZAgMBAAECggEAUwZY1Ep107N3facaz03g+IuBBwkZgzRHTc+1Juui/4F3 +g3FggF6HG17sgBYCihQFIOSfcvkpsfm+nmsPdgF5EOTtSQ2Lto/L7oNF6wjv3HBo +rlvjxJtWuGgS1RMGnl67OFThLA3eVsKAoNH8IyzP8IURpn6AYVzwYoOgTyXQPUol +AbCeTdma8OM3Q+GLQV2qzo5mTZ8F/u705aHuvHYCarzocHJfJxPZce0UkbGHGABa +PjTtVFalVIC7PkLru0tJ6aODYx/28oXeDOyg6l5Bth4dn4tGTp2CzMOK1MSamGqr +w5EduvqWXmOb/T5Pkdg2j/f691agAOaV0YKfjq2bAQKBgQD/9TlCbWBXf654YnSU +fYccFW/tNzmmeBO+P2x1a4pHL8f+xPSbQa84PbX7in87eXH96gWStCOdNgGZs/Yx +++jHDVmVLLMwkwBzje9aXLrfx73YgbMdlr3C1xVy9h5g+XY2peq5DQFo9+zVMAaz +1W//mcX8X5JIBhwwmzXwyME8OQKBgQDy+6dAuUfwvepnYKWU9uxPwkqtwSEL1LOr +QFP/WRXg1sDn9LIRsXjM3oDps/JNsEcJSmYRO6I+vHjCyJtf4R6ESWIHgi+mpb65 +mwJipcgJawSX8VW8K8Sdr7MhLROrlF+fkLUyA5WtuluFn+hs8wZ7Iul0lcJejqp2 +RCNkOGzCIQKBgQDAaCXH8pKWk8uigVhje01CZjcCGh6DLgahX+n3BoUm6BsuP/4k +a6b83x7a3Qyxt6RiHDZeRn3zIvLnCOoMPvKIF1f9FGILJKYVN1/zDHwJ1ou2oiD0 +ICm7upVMGwlRGpWrlOOygb1Km/xzcavIKa0MdhrnkSxUagts2nAc9byUuQKBgQCj +O7I5hf8xWLRvLHswXs2UK2c14SeNJiBpbHbBdRyAhmTjrvwtbLdFkjiyR6QA0up1 +8FgvPYuab80EtfXDbJ2uqwnDF49hebluQRdSJCMFSLK2THeXSSP19wH0yK6NNski +jflcFxJnumkflLR09LKm6GZDXxRLp7YWa2IHQuy1YQKBgQCzGxUMN1wytdqd0PLH +4LGSyv99+lYBr7rvlZdXU2gwmYqL5J1TnXLGV9ntx6tr/S7obH8NvW5oFlP6dK1A +6dLsmr9k3YH7MnCSzA+4bzuzw00cN/JyOmH0l26JLd9jon0xE39TkbGefcy5kDq+ +6hUD9O3D/pGeCbk2Wi8a9oHGOA== +-----END PRIVATE KEY----- diff --git a/test/tls/ca.pem b/test/tls/ca.pem new file mode 100644 index 000000000..81efaf957 --- /dev/null +++ b/test/tls/ca.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIJAIOPKoV6AtEZMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkNOMREwDwYDVQQIDAhaaGVKaWFuZzERMA8GA1UEBwwISGFuZ1pob3UxEDAO +BgNVBAoMB0NvbXBhbnkxEzARBgNVBAsMCkRlcGFydG1lbnQxEzARBgNVBAMMCnBv +dWNoX3Rlc3QwHhcNMTgwNDEyMDMwNzMzWhcNMjgwNDA5MDMwNzMzWjBvMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIWmhlSmlhbmcxETAPBgNVBAcMCEhhbmdaaG91MRAw +DgYDVQQKDAdDb21wYW55MRMwEQYDVQQLDApEZXBhcnRtZW50MRMwEQYDVQQDDApw +b3VjaF90ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vFsyZ5v +GjlY1gwBw9EjxQauhV4tyt7Y2llwrHdl3eAB4osajJoeFTbxalE041njgPaHQlvW +Swssi4MdAqapw5pvJWW5qQ6aFNEJ4/uwjbyBsdj0yvFT1j5UwYKQAyuOMPHgznZf +596Gkf4FqOP/YAkrPC5ksplX5xUe7WG7VzB7/GfbKB6O+ci+vd1yYL6WbCDYlCCg +j1X9QFL+hzVxioKshAfCH56UNmgkW71t4qfORx8/aXIv4U+Hn6wfMAi8ohXACEYF +QZpd2YwQ06N0DjFR2NpOOEhxTxyERqsHhmilpkuf5ss/iTDwU+Xm3lZpRiCHqYKX +mjBsPLQiMJf1WQIDAQABo1AwTjAdBgNVHQ4EFgQUHNPvEoIsU0YvxHIJgZUmj0o8 +B18wHwYDVR0jBBgwFoAUHNPvEoIsU0YvxHIJgZUmj0o8B18wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVzctFUQsOCxTDFNIssLLVbReky1UG9Bpmwbp +BIIjjgXl5O7+9FU1YvhgfYLqvO4tAGzcYlvC/Mjauk30JOqXmMFNlPY+A3I5xXwD +1G2uCGTBBE+BVr53WvAnmdFXndE5hT6lWrClxDc9meD4GbE0zg6nEA+yFDBcP0Nf +yArO8Dz7fRl5jTjE8WdC0sWJTJFRaMDWLH+Ox2nSEzbQilhUV6hCr2U7KzZQwKeg +cTenz2x6m0z/R9yFdaQ7DU7lWYxNuA5IqhQrCzaZM+JbWyZwo6Lb9xfxCPPFa6Nq +1ft3VZMF/E51nWohbxwIucXNlpXLGVI9cSbEt2fiB8MKYogw6Q== +-----END CERTIFICATE----- diff --git a/test/tls/ca.srl b/test/tls/ca.srl new file mode 100644 index 000000000..5ac98cb0a --- /dev/null +++ b/test/tls/ca.srl @@ -0,0 +1 @@ +D64AA8120CE80B9A diff --git a/test/tls/extfile.out b/test/tls/extfile.out new file mode 100644 index 000000000..74dedb380 --- /dev/null +++ b/test/tls/extfile.out @@ -0,0 +1 @@ +extendedKeyUsage = clientAuth diff --git a/test/tls/generate_tls.sh b/test/tls/generate_tls.sh new file mode 100644 index 000000000..04cc3ee16 --- /dev/null +++ b/test/tls/generate_tls.sh 
@@ -0,0 +1,35 @@ +#!/bin/bash + +set -x +which openssl +if (( $? != 0 )) ; then + echo "Fail to find openssl tool" + exit 1 +fi + +# Generate CA +openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj "/C=CN/ST=ZheJiang/L=HangZhou/O=Company/OU=Department/CN=pouch_test" -keyout ca-key.pem -out ca.pem + +# Generate private key for server +name="server" +mkdir -p ${name} +openssl genrsa -out ${name}/key.pem 2048 +# Generate CSR +openssl req -subj "/C=CN/ST=ZheJiang/L=HangZhou/O=Company/OU=Department/CN=${name}" -new -key ${name}/key.pem -out ${name}/$name.csr +# Generate CRT +echo "extendedKeyUsage = serverAuth" >./extfile.out +openssl x509 -req -days 3650 -in ${name}/${name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${name}/cert.pem -extfile extfile.out +cp ca.pem ${name}/ca.pem + +# Client +name=a_client +mkdir -p ${name} +# create a key +openssl genrsa -out ${name}/key.pem 2048 +# create a csr +openssl req -subj "/C=CN/ST=ZheJiang/L=HangZhou/O=Company/OU=Department/CN=${name}" -new -key ${name}/key.pem -out ${name}/$name.csr +# generate a certificate +echo "extendedKeyUsage = clientAuth" >./extfile.out +openssl x509 -req -days 3650 -in ${name}/${name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${name}/cert.pem -extfile ./extfile.out + +cp ca.pem ${name}/ca.pem diff --git a/test/tls/server/ca.pem b/test/tls/server/ca.pem new file mode 100644 index 000000000..81efaf957 --- /dev/null +++ b/test/tls/server/ca.pem 
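Review bot: The script runs without `set -e`, so when any `openssl` step fails the later steps still run and leave a partial or mismatched set of files; add `set -e` after the `which openssl` check and quote the `${name}` expansions. Every path is relative to the current directory, so the script only works when started from test/tls; a `cd "$(dirname "$0")"` near the top would make that explicit. Because this script can recreate the whole fixture set, consider running it during test setup rather than committing ca-key.pem and the two key.pem files, which remain valid for ten years (`-days 3650`) and will be flagged by secret scanners. The committed extfile.out and ca.srl look like leftovers of one run (extfile.out is overwritten for server and then client) rather than inputs.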
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIJAIOPKoV6AtEZMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkNOMREwDwYDVQQIDAhaaGVKaWFuZzERMA8GA1UEBwwISGFuZ1pob3UxEDAO +BgNVBAoMB0NvbXBhbnkxEzARBgNVBAsMCkRlcGFydG1lbnQxEzARBgNVBAMMCnBv +dWNoX3Rlc3QwHhcNMTgwNDEyMDMwNzMzWhcNMjgwNDA5MDMwNzMzWjBvMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIWmhlSmlhbmcxETAPBgNVBAcMCEhhbmdaaG91MRAw +DgYDVQQKDAdDb21wYW55MRMwEQYDVQQLDApEZXBhcnRtZW50MRMwEQYDVQQDDApw +b3VjaF90ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vFsyZ5v +GjlY1gwBw9EjxQauhV4tyt7Y2llwrHdl3eAB4osajJoeFTbxalE041njgPaHQlvW +Swssi4MdAqapw5pvJWW5qQ6aFNEJ4/uwjbyBsdj0yvFT1j5UwYKQAyuOMPHgznZf +596Gkf4FqOP/YAkrPC5ksplX5xUe7WG7VzB7/GfbKB6O+ci+vd1yYL6WbCDYlCCg +j1X9QFL+hzVxioKshAfCH56UNmgkW71t4qfORx8/aXIv4U+Hn6wfMAi8ohXACEYF +QZpd2YwQ06N0DjFR2NpOOEhxTxyERqsHhmilpkuf5ss/iTDwU+Xm3lZpRiCHqYKX +mjBsPLQiMJf1WQIDAQABo1AwTjAdBgNVHQ4EFgQUHNPvEoIsU0YvxHIJgZUmj0o8 +B18wHwYDVR0jBBgwFoAUHNPvEoIsU0YvxHIJgZUmj0o8B18wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVzctFUQsOCxTDFNIssLLVbReky1UG9Bpmwbp +BIIjjgXl5O7+9FU1YvhgfYLqvO4tAGzcYlvC/Mjauk30JOqXmMFNlPY+A3I5xXwD +1G2uCGTBBE+BVr53WvAnmdFXndE5hT6lWrClxDc9meD4GbE0zg6nEA+yFDBcP0Nf +yArO8Dz7fRl5jTjE8WdC0sWJTJFRaMDWLH+Ox2nSEzbQilhUV6hCr2U7KzZQwKeg +cTenz2x6m0z/R9yFdaQ7DU7lWYxNuA5IqhQrCzaZM+JbWyZwo6Lb9xfxCPPFa6Nq +1ft3VZMF/E51nWohbxwIucXNlpXLGVI9cSbEt2fiB8MKYogw6Q== +-----END CERTIFICATE----- diff --git a/test/tls/server/cert.pem b/test/tls/server/cert.pem new file mode 100644 index 000000000..af5d1e0f1 --- /dev/null +++ b/test/tls/server/cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdDCCAlygAwIBAgIJANZKqBIM6AuZMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkNOMREwDwYDVQQIDAhaaGVKaWFuZzERMA8GA1UEBwwISGFuZ1pob3UxEDAO +BgNVBAoMB0NvbXBhbnkxEzARBgNVBAsMCkRlcGFydG1lbnQxEzARBgNVBAMMCnBv +dWNoX3Rlc3QwHhcNMTgwNDEyMDMwNzM0WhcNMjgwNDA5MDMwNzM0WjBrMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIWmhlSmlhbmcxETAPBgNVBAcMCEhhbmdaaG91MRAw +DgYDVQQKDAdDb21wYW55MRMwEQYDVQQLDApEZXBhcnRtZW50MQ8wDQYDVQQDDAZz +ZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx4uxZjx5nqPKa +DuVEj0c/IV2dNzRVcseHqRT5S33vjzY7UoqFNm1VPnC0cTYwVjBTBTfT5uATaJbg +OeeH75dZt9ZO8PWEjy3fsgQ+AXLOY//b9uHS73E/2+ppL6IZcrrSabRhRNKBzcWw +ocCXRqTZdM47xL5YZjCCZeUiUaBCipB+eiswfaD3JIikR1RwPvAlsAMiR8Ebik4s +a/i2PwxBpKWGUG3JlJ4VwkDbuV7q6O5+WUmXvgKgirL84oxvXJo0JDD0GLBT7ZVx +8rkUgUy68WBx5CrQb22MPKMlKWbpNMae5AcDSfjWKOxovqV69U30bF0mbr9gTGW0 +qJY9ZukdAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB +CwUAA4IBAQA20ex7FQiOtaxl0GA2r8IOZCvNXCPrDW0zmdL9UEerMV7V41KpRitl +J+c3iOsrc4IPogaqzFe6p5DR3zASZovJ8zW520ZRIybe8VrRb2N6UUKe4pVuV6sy +gfAPp6Z4hJPqqLKDGg+dY1bAqAu5UR+mA9qTXEc9qpgI/FqYX2Qdt6JLUHyuSrmm +tSQhgjM/zP4L7HNuMAmYqZgIagQiWYn6Hc8Zmeo2q1C1MIfv8GhDaZI0juKrISq8 +0LeFT6YYLE0mY8PJv4CtbdbSL8bPvcB7sY7KMPNCw7o1OM8Wm2PB6EXQ3EQagNNE +AdJN1XW9H65JdXblV+5w5+/A+o0e8P1e +-----END CERTIFICATE----- diff --git a/test/tls/server/key.pem b/test/tls/server/key.pem new file mode 100644 index 000000000..a743066c3 --- /dev/null +++ b/test/tls/server/key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAseLsWY8eZ6jymg7lRI9HPyFdnTc0VXLHh6kU+Ut97482O1KK +hTZtVT5wtHE2MFYwUwU30+bgE2iW4Dnnh++XWbfWTvD1hI8t37IEPgFyzmP/2/bh +0u9xP9vqaS+iGXK60mm0YUTSgc3FsKHAl0ak2XTOO8S+WGYwgmXlIlGgQoqQfnor +MH2g9ySIpEdUcD7wJbADIkfBG4pOLGv4tj8MQaSlhlBtyZSeFcJA27le6ujufllJ +l74CoIqy/OKMb1yaNCQw9BiwU+2VcfK5FIFMuvFgceQq0G9tjDyjJSlm6TTGnuQH +A0n41ijsaL6levVN9GxdJm6/YExltKiWPWbpHQIDAQABAoIBAEGVKhIyw8Dv9tF5 +oGlQcbICuSLXUYIXWRzY55SpknqZ0CK64bsPP+vno2HDQ3k6rYJOMDD9s6s0Kjvs +3UGuwZwgPPDJwZrntr/8P7gkjJEvKQuNz+AWyygCCkBRgW/kbqBYvFoIJ5wXo0Tl +vb2IHArYF5jNhmfM9SF+M6YddfpRwi2+mIT0vD0cvEIgx6koLYzcYyB+EmQrDwlt +IsGpSfQpicWSezHgs/gcuU8M1MXFpsEI95nzNO5fBdbAJmxo4ouNVwl0eBN3rsSN +wpIZPhD8Bw1bpToq0VkrYOcEVirU3ndzDo9FHKqwGrK2zCMyL4RnnKkr8vvtJ7fC +H4G6X8ECgYEA4cQ8mFyTGS97bo48Cfxjtp3i6ynBts8AXKR4Y4LwDHJiKjQuvyQZ +Pd90m/suOjEiFTSNwRMmFg7Dxpfd3zL4tixqcVC1N8i5FVN2IGuw6N2L23uxpSk9 +1/IZH8ria1vuSsZTTOrJH3IxwjTd8+RKx4BdCyf0Px0Srld1H3Xkx0UCgYEAybVA +qh7lMu+CWfylqhXF68Wy3DRv4xK8zwHFz1Ek4IRxL5Mu4CoSGqK/dpmTY2vgcOs0 +Wt1EK7Mm+hCTNh6KV0z/dVuZ3xAn04Aa1WRvVjdDfMR/q3VlYOxUBFV0NhwF/Omm +V0gp7WAEE4U2H7xcODD7B6Zykv8DLRvffp8Oq/kCgYBlsG0Wt4PuMSvolRpH6S3E +oIMIJ0vAmqZwFAjB0cVr5c1/cvenUowoCVFNvKqKvXy7jmtXDtf10XqvJdJi6WOL +MqBTH+YwFTIAgBJR8g/CI6AOIT3Xxaa8cKiOYGTxtHu1pHT6zTn/9wCgmA1tAGQK +TjAaiUmDcAXtDymLHSAJ/QKBgDcs3HZsoxeOyqJg6NQgxpYa6zUvJtf/fSRHANwX +/zVnJSr1YOIyv+cHU8ZWdinBDZD11clxMz+c7vGCbTJlokQFLO/mUa3h1nMVXMG4 +ingT/+L2QVIed8/OdaEF2xceDUlEhJrlg4qKNDM+wjJmLPe19kT+c+Lf3PeO41DY +o4PJAoGBAMJIFV2A3IJtZNw6cbEil2UIrPnizzxeeLb5mP6eCk6Gomm9FvuHmiYn +L7D3iasYSP7VvEsFO1Sfwytw71AeS2zDhw+NmXleKX/9OmxIIlsn6h6yclSFQbhi +xA2ANTXlhKmZsKJq8D2uyYxGINZypc2u5pjjwVCc5kI8laTL7w6H +-----END RSA PRIVATE KEY----- diff --git a/test/tls/server/server.csr b/test/tls/server/server.csr new file mode 100644 index 000000000..17f5f85a9 --- /dev/null +++ b/test/tls/server/server.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsDCCAZgCAQAwazELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZUppYW5nMREw +DwYDVQQHDAhIYW5nWmhvdTEQMA4GA1UECgwHQ29tcGFueTETMBEGA1UECwwKRGVw +YXJ0bWVudDEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAseLsWY8eZ6jymg7lRI9HPyFdnTc0VXLHh6kU+Ut97482O1KKhTZt +VT5wtHE2MFYwUwU30+bgE2iW4Dnnh++XWbfWTvD1hI8t37IEPgFyzmP/2/bh0u9x +P9vqaS+iGXK60mm0YUTSgc3FsKHAl0ak2XTOO8S+WGYwgmXlIlGgQoqQfnorMH2g +9ySIpEdUcD7wJbADIkfBG4pOLGv4tj8MQaSlhlBtyZSeFcJA27le6ujufllJl74C +oIqy/OKMb1yaNCQw9BiwU+2VcfK5FIFMuvFgceQq0G9tjDyjJSlm6TTGnuQHA0n4 +1ijsaL6levVN9GxdJm6/YExltKiWPWbpHQIDAQABoAAwDQYJKoZIhvcNAQELBQAD +ggEBAKH4z7jMmIgaftZZBn3ifRzcELjRCKR14opOVZyli+HRKuJurPN964DRqqgO +Wbh4YBONZ3d5bGLssT8alxyUcsYPOwEQ6hAMN/QhLwgBu/bvSkwtqsrhOGrhB2zP +xg9jq+2HC4dGqmSMBmcPKyy8aKEl+qar3B8wYMdxokWovKi3P8oGUzR3jSB9VhFu +xautWAo9q8bKQ0Tb55FzKtJ9HSmsT2+XcbJnP7yU1R68eR4lU5yGZqFIqLfO6Hgl +rzkJ0kzYOdWWm832JDa8oIssE+2qeAz4Oa7VuRCV4hxmS136oKKV60jXCZtYAdS2 +79+poYapnlimpy4skdmW0RdwftM= +-----END CERTIFICATE REQUEST----- diff --git a/test/utils.go b/test/utils.go index 9a453aa7d..beef93cf5 100644 --- a/test/utils.go +++ b/test/utils.go @@ -1,6 +1,8 @@ package main import ( + "os" + "github.com/alibaba/pouch/test/environment" "github.com/go-check/check" @@ -24,6 +26,15 @@ const ( testHubAddress = "registry.hub.docker.com" testHubUser = "pouchcontainertest" testHubPasswd = "pouchcontainertest" + + testDaemonHTTPSAddr = "tcp://0.0.0.0:2000" + serverCa = "/tmp/tls/server/ca.pem" + serverCert = "/tmp/tls/server/cert.pem" + serverKey = "/tmp/tls/server/key.pem" + clientCa = "/tmp/tls/a_client/ca.pem" + clientCert = "/tmp/tls/a_client/cert.pem" + clientKey = "/tmp/tls/a_client/key.pem" + clientWrongCa = "/tmp/tls/a_client/ca_wrong.pem" ) func init() { 
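Review bot: `testDaemonHTTPSAddr = "tcp://0.0.0.0:2000"` makes the test daemon listen on every interface, while the client certificate and key that presumably authorise access to it are committed in this same patch (test/tls/a_client/key.pem). Anyone who can reach port 2000 on the test host while the suite runs could therefore present a certificate the daemon accepts. Binding to loopback, `testDaemonHTTPSAddr = "tcp://127.0.0.1:2000"`, keeps the test local; whether the committed server certificate (CN=server, no subjectAltName set in generate_tls.sh) still verifies for that address needs checking. The eight `/tmp/tls/...` constants are fixed absolute paths; deriving them from a single base-directory value would allow the fixtures to move out of /tmp.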
@@ -50,3 +61,26 @@ func SkipIfFalse(c *check.C, conditions ...VerifyCondition) { } } } + +// IsTLSExist check if the TLS related file exists. +func IsTLSExist() bool { + if _, err := os.Stat(serverCa); os.IsNotExist(err) { + return false + } + if _, err := os.Stat(serverKey); os.IsNotExist(err) { + return false + } + if _, err := os.Stat(serverCert); os.IsNotExist(err) { + return false + } + if _, err := os.Stat(clientCa); os.IsNotExist(err) { + return false + } + if _, err := os.Stat(clientCert); os.IsNotExist(err) { + return false + } + if _, err := os.Stat(clientKey); os.IsNotExist(err) { + return false + } + return true +} diff --git a/test/z_cli_daemon_test.go b/test/z_cli_daemon_test.go index aa8941d72..cae3a9353 100644 --- a/test/z_cli_daemon_test.go +++ b/test/z_cli_daemon_test.go 
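Review bot: IsTLSExist treats only `os.IsNotExist` as failure, so a Stat error such as permission denied counts as the file being present and the test then fails later with a less obvious message; it also never checks `clientWrongCa`, which TestDaemonTlsVerify uses. The six copies of the same `if` can become one loop over the paths that returns false on any Stat error. The doc comment would read better as `// IsTLSExist reports whether all TLS fixture files used by the tests exist.`

```go
func IsTLSExist() bool {
	paths := []string{
		serverCa, serverKey, serverCert,
		clientCa, clientCert, clientKey, clientWrongCa,
	}
	for _, p := range paths {
		if _, err := os.Stat(p); err != nil {
			return false
		}
	}
	return true
}
```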
@@ -290,3 +290,46 @@ func (suite *PouchDaemonSuite) TestDaemonDefaultRegistry(c *check.C) { defer dcfg.KillDaemon() } + +// TestDaemonTlsVerify tests start daemon with TLS verification enabled. +func (suite *PouchDaemonSuite) TestDaemonTlsVerify(c *check.C) { + SkipIfFalse(c, IsTLSExist) + dcfg := daemon.NewConfig() + dcfg.Listen = "" + dcfg.NewArgs("--listen=" + testDaemonHTTPSAddr) + dcfg.Args = append(dcfg.Args, + "--tlsverify", + "--tlscacert="+serverCa, + "--tlscert="+serverCert, + "--tlskey="+serverKey) + dcfg.Debug = false + // Skip error check, because the function to check daemon up using CLI without TLS info. + dcfg.StartDaemon() + + // Must kill it, as we may loose the pid in next call. + defer dcfg.KillDaemon() + + // Use TLS could success + result := RunWithSpecifiedDaemon(&dcfg, + "--tlscacert="+clientCa, + "--tlscert="+clientCert, + "--tlskey="+clientKey, "version") + result.Assert(c, icmd.Success) + + // Do not use TLS should fail + result = RunWithSpecifiedDaemon(&dcfg, "version") + c.Assert(result.ExitCode, check.Equals, 1) + err := util.PartialEqual(result.Stderr(), "malformed HTTP response") + c.Assert(err, check.IsNil) + + { + // Use wrong CA should fail + result := RunWithSpecifiedDaemon(&dcfg, + "--tlscacert="+clientWrongCa, + "--tlscert="+clientCert, + "--tlskey="+clientKey, "version") + c.Assert(result.ExitCode, check.Equals, 1) + err := util.PartialEqual(result.Stderr(), "failed to append certificates") + c.Assert(err, check.IsNil) + } +}
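Review bot: The "wrong CA" case in TestDaemonTlsVerify does not exercise certificate verification: ca_wrong.pem in this patch appears to be ca.pem with one base64 character changed (third body line, `BgNV…` became `AgNV…`), so the client fails while parsing the PEM, which is what the asserted `failed to append certificates` message reports. A well-formed CA that did not sign the server certificate would test the actual trust decision, and there is no case for the server side of `--tlsverify` either (a client with no certificate, or one signed by another CA, being rejected). The result of `dcfg.StartDaemon()` is discarded and IsDaemonUp returns true for `--tlsverify`, so nothing waits for the daemon before the first `RunWithSpecifiedDaemon` call; a short retry around that first call would avoid a flaky start. Minor: Go initialism style would name this `TestDaemonTLSVerify`, and "loose the pid" in the comment should be "lose".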