Mercurial > hg > nginx-tests
annotate proxy_ssl.t @ 431:05c46688b54b
Tests: ssl_password_file.t fixes.
Make sure to always specify listen socket in all servers as the
default vary (under root, nginx will try to listen on 80). Make sure
to detect if an https request was processed by http.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 09 Jul 2014 05:19:51 +0400 |
| parents | ad164c14058a |
| children | a7d04159e52b |
| rev | line source |
|---|---|
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Nginx, Inc. |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # Tests for proxy to ssl backend. |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 ############################################################################### |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 use warnings; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use strict; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use Test::More; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use lib 'lib'; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use Test::Nginx; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 ############################################################################### |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 ->plan(4)->write_file_expand('nginx.conf', <<'EOF'); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 %%TEST_GLOBALS%% |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 daemon off; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 events { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 http { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS_HTTP%% |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 server { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 listen 127.0.0.1:8081 ssl; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 listen 127.0.0.1:8080; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server_name localhost; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 add_header X-Foo ssl; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 location /ssl_reuse { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 proxy_ssl_session_reuse on; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 location /ssl { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_pass https://127.0.0.1:8081/; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_ssl_session_reuse off; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 EOF |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 $t->write_file('openssl.conf', <<EOF); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 [ req ] |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 default_bits = 2048 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 encrypt_key = no |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 distinguished_name = req_distinguished_name |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 [ req_distinguished_name ] |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 EOF |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 $t->write_file('index.html', ''); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 my $d = $t->testdir(); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 foreach my $name ('localhost') { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 system('openssl req -x509 -new ' |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 . ">>$d/openssl.out 2>&1") == 0 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 or die "Can't create certificate for $name: $!\n"; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 $t->run(); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 ############################################################################### |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 like(http_get('/ssl'), qr/200 OK.*X-Foo: ssl/ms, 'ssl'); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 like(http_get('/ssl'), qr/200 OK.*X-Foo: ssl/ms, 'ssl 2'); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 like(http_get('/ssl_reuse'), qr/200 OK.*X-Foo: ssl/ms, 'ssl reuse session'); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 like(http_get('/ssl_reuse'), qr/200 OK.*X-Foo: ssl/ms, 'ssl reuse session 2'); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 ############################################################################### |