Mercurial > hg > nginx-tests
annotate ssl.t @ 431:05c46688b54b
Tests: ssl_password_file.t fixes.
Make sure to always specify listen socket in all servers as the
default vary (under root, nginx will try to listen on 80). Make sure
to detect if an https request was processed by http.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 09 Jul 2014 05:19:51 +0400 |
parents | a82b02635614 |
children | 071e8941e3bf |
rev | line source |
---|---|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 ->has_daemon('openssl'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->plan(4)->write_file_expand('nginx.conf', <<'EOF'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 listen 127.0.0.1:8443 ssl; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8080; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_certificate_key localhost.key; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 ssl_certificate localhost.crt; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_session_cache shared:SSL:10m; |
378
de2f7e86866e
Tests: disabled session tickets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
370
diff
changeset
|
53 ssl_session_tickets off; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 location /reuse { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 return 200 "body $ssl_session_reused"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 location /id { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 return 200 "body $ssl_session_id"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 $t->write_file('openssl.conf', <<EOF); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 [ req ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 default_bits = 2048 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 encrypt_key = no |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 distinguished_name = req_distinguished_name |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 [ req_distinguished_name ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 my $d = $t->testdir(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 foreach my $name ('localhost') { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 system('openssl req -x509 -new ' |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 . ">>$d/openssl.out 2>&1") == 0 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 or die "Can't create certificate for $name: $!\n"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 my $ctx = new IO::Socket::SSL::SSL_Context( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 SSL_session_cache_size => 100); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 $t->run(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body \.$/m, |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 'initial session'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body r$/m, |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 'session reused'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 is(length $sid, 64, 'session id'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 sub get_ssl_socket { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 my ($ctx) = @_; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 my $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 eval { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 local $SIG{ALRM} = sub { die "timeout\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 alarm(2); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 $s = IO::Socket::SSL->new( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 Proto => 'tcp', |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 PeerAddr => '127.0.0.1:8443', |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 SSL_reuse_ctx => $ctx, |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 SSL_error_trap => sub { die $_[1] } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 ); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 if ($@) { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 log_in("died: $@"); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 return undef; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 return $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 ############################################################################### |