Mercurial > hg > nginx-tests
annotate ssl_reject_handshake.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 Mar 2023 01:36:32 +0400 |
parents | 2a7fc70900a5 |
children | cdcd75657e52 |
rev | line source |
---|---|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_reject_handshake. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
27 eval { IO::Socket::SSL->can_client_sni() or die; }; |
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)->has_daemon('openssl'); |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Name $ssl_server_name; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 listen 127.0.0.1:8081; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
1850
2a7fc70900a5
Tests: improved "ssl" directive test in ssl_reject_handshake.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
62 listen 127.0.0.1:8080; |
2a7fc70900a5
Tests: improved "ssl" directive test in ssl_reject_handshake.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
63 listen 127.0.0.1:8081; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server_name virtual; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
1850
2a7fc70900a5
Tests: improved "ssl" directive test in ssl_reject_handshake.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
79 listen 127.0.0.1:8082; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server_name virtual1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
1850
2a7fc70900a5
Tests: improved "ssl" directive test in ssl_reject_handshake.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
84 listen 127.0.0.1:8082; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name virtual2; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->write_file('openssl.conf', <<EOF); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 [ req ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 default_bits = 2048 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 encrypt_key = no |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 distinguished_name = req_distinguished_name |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $d = $t->testdir(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 foreach my $name ('localhost') { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 system('openssl req -x509 -new ' |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . "-config $d/openssl.conf -subj /CN=$name/ " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 . "-out $d/$name.crt -keyout $d/$name.key " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 . ">>$d/openssl.out 2>&1") == 0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 or die "Can't create certificate for $name: $!\n"; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('index.html', ''); |
1693
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
112 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
113 # suppress deprecation warning |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
114 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
115 open OLDERR, ">&", \*STDERR; close STDERR; |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
116 $t->run()->plan(9); |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
117 open STDERR, ">&", \*OLDERR; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # default virtual server rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 like(get('default', 8080), qr/unrecognized name/, 'default rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like(get(undef, 8080), qr/unrecognized name/, 'absent sni rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like(get('virtual', 8080), qr/virtual/, 'virtual accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 # default virtual server rejected - ssl on |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like(get('default', 8081), qr/unrecognized name/, 'default rejected - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like(get('virtual', 8081), qr/virtual/, 'virtual accepted - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 # non-default server "virtual2" rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 like(get('default', 8082), qr/default/, 'default accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 like(get(undef, 8082), qr/200 OK(?!.*X-Name)/is, 'absent sni accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like(get('virtual1', 8082), qr/virtual1/, 'virtual 1 accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 like(get('virtual2', 8082), qr/unrecognized name/, 'virtual 2 rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 sub get { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 my $s = get_ssl_socket($host, $port) or return $@; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 $host = 'localhost' if !defined $host; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my $r = http(<<EOF, socket => $s); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 GET / HTTP/1.0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 Host: $host |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 $s->close(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 return $r; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 sub get_ssl_socket { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 my $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 eval { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 local $SIG{ALRM} = sub { die "timeout\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 alarm(8); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $s = IO::Socket::SSL->new( |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 Proto => 'tcp', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 PeerAddr => '127.0.0.1', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 PeerPort => port($port), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 SSL_hostname => $host, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 SSL_error_trap => sub { die $_[1] }, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 ); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 if ($@) { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 log_in("died: $@"); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 return undef; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 return $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 ############################################################################### |