annotate ssl_stapling.t @ 1865:0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx http() functions.
This also ensures that SSL handshake and various read and write operations
are guarded with timeouts.
The ssl_sni_reneg.t test uses IO::Socket::SSL::_get_ssl_object() to access
the Net::SSLeay object directly and trigger renegotiation. While
not exactly correct, this seems to be good enough for tests.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_stapling.t,
since SSL_ocsp_staple_callback is called with the socket instead of the
Net::SSLeay object.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_verify_client.t,
since there seems to be no way to obtain CA list with IO::Socket::SSL.
Notable change to http() request interface is that http_end() now closes
the socket. This is to make sure that SSL connections are properly
closed and SSL sessions are not removed from the IO::Socket::SSL session
cache. This affected access_log.t, which was modified accordingly.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:17 +0300 |
parents | af47a0b348a5 |
children | 231b14e2041a |
1 #!/usr/bin/perl |
2 |
3 # (C) Sergey Kandaurov |
4 # (C) Nginx, Inc. |
5 |
6 # Tests for OCSP stapling. |
7 |
8 ############################################################################### |
9 |
10 use warnings; |
11 use strict; |
12 |
13 use Test::More; |
14 |
15 use MIME::Base64 qw/ decode_base64 /; |
16 |
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
18 |
19 use lib 'lib'; |
20 use Test::Nginx; |
21 |
22 ############################################################################### |
23 |
# Disable output buffering on both standard streams.  STDOUT is handled
# last, so it is the selected output handle again afterwards.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}

# Harness object for this test file.  The has()/has_daemon() calls name
# the prerequisites: the http and http_ssl nginx features, "socket_ssl"
# (the IO::Socket::SSL based client used by the http() helpers), and an
# openssl binary, which is needed below to build the test PKI.
my $t = Test::Nginx->new()
    ->has(qw/http http_ssl socket_ssl/)
    ->has_daemon('openssl');

# The client side needs set_tlsext_status_type() from Net::SSLeay and the
# SSL_OCSP_TRY_STAPLE constant from IO::Socket::SSL.  Their absence is
# treated as "library too old" and skips the whole file.
eval {
    die unless defined &Net::SSLeay::set_tlsext_status_type;
};
if ($@) {
    plan(skip_all => 'Net::SSLeay too old');
}

eval {
    die unless defined &IO::Socket::SSL::SSL_OCSP_TRY_STAPLE;
};
if ($@) {
    plan(skip_all => 'IO::Socket::SSL too old');
}

# Builds reporting the BoringSSL module are skipped as having no OCSP
# stapling.
if ($t->has_module('BoringSSL')) {
    plan(skip_all => 'no OCSP stapling');
}
36 |
# Declare ten tests and write the nginx configuration under test.  The
# heredoc is non-interpolating; the %%...%% markers are left for
# write_file_expand() to fill in (presumably with harness-provided
# globals and the test directory -- confirm in Test::Nginx).
#
# http level: stapling is enabled for every server, trusted.crt is the
# trust bundle, and two certificate/key pairs are loaded (ec-end and end,
# each chained with the intermediate).  "DEFAULT:ECCdraft" was added,
# per this line's annotate history, for nginx built with OpenSSL 0.9.8y+.
#
# Per-server variations:
#   8443 (+ plain 8080)  inherited settings only; no explicit responder,
#                        so the responder has to come from the certificate
#   8444                 explicit responder at http://127.0.0.1:8081/
#   8445                 ssl_stapling_verify on -- the only server here
#                        that asks nginx to verify the OCSP response
#   8446                 ec-end.crt alone, without the intermediate in the
#                        certificate file
#   8447 / 8448          response taken from a pre-generated file
#                        (resp.der / ec-resp.der) instead of a responder
#   8449                 responder URL points at 127.0.0.1:8080, which is
#                        the plain HTTP listener of the first server, not
#                        an OCSP responder (presumably the failure case)
$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    ssl_stapling on;
    ssl_trusted_certificate trusted.crt;

    ssl_certificate ec-end-int.crt;
    ssl_certificate_key ec-end.key;

    ssl_certificate end-int.crt;
    ssl_certificate_key end.key;

    ssl_ciphers DEFAULT:ECCdraft;

    server {
        listen 127.0.0.1:8443 ssl;
        listen 127.0.0.1:8080;
        server_name localhost;
    }

    server {
        listen 127.0.0.1:8444 ssl;
        server_name localhost;

        ssl_stapling_responder http://127.0.0.1:8081/;
    }

    server {
        listen 127.0.0.1:8445 ssl;
        server_name localhost;

        ssl_stapling_verify on;
    }

    server {
        listen 127.0.0.1:8446 ssl;
        server_name localhost;

        ssl_certificate ec-end.crt;
        ssl_certificate_key ec-end.key;
    }

    server {
        listen 127.0.0.1:8447 ssl;
        server_name localhost;

        ssl_certificate end-int.crt;
        ssl_certificate_key end.key;

        ssl_stapling_file %%TESTDIR%%/resp.der;
    }

    server {
        listen 127.0.0.1:8448 ssl;
        server_name localhost;

        ssl_certificate ec-end-int.crt;
        ssl_certificate_key ec-end.key;

        ssl_stapling_file %%TESTDIR%%/ec-resp.der;
    }

    server {
        listen 127.0.0.1:8449 ssl;
        server_name localhost;

        ssl_stapling_responder http://127.0.0.1:8080/;
    }
}

EOF
117 |
# $d is the per-run test directory, $p the port used for the OCSP
# responder URL embedded in issued certificates.  Both are interpolated
# into the configuration files and shell commands below.
my $d = $t->testdir();
my $p = port(8081);

# Request defaults for "openssl req".  default_bits = 2048 was set, per
# this line's annotate history, to align with OpenSSL security level 2.
# encrypt_key = no leaves the generated private keys unencrypted on disk,
# which is acceptable only because they are throwaway test keys.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# CA profile for "openssl ca".  Points worth knowing when reading the
# tests that follow:
#  - certindex/certserial in the test directory hold the CA database and
#    the next serial number;
#  - default_days = 1, so issued certificates are short-lived;
#  - default_md = sha256 (same "security level 2" alignment as above);
#  - x509_extensions = myca_extensions applies to every certificate
#    issued through this profile, so the end-entity certificates are also
#    marked CA:TRUE -- a test shortcut, not something to copy into a real
#    PKI;
#  - authorityInfoAccess embeds the OCSP responder URL
#    http://127.0.0.1:$p, which servers without an explicit
#    ssl_stapling_responder presumably pick up from the certificate.
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca

[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 1
x509_extensions = myca_extensions

[ myca_policy ]
commonName = supplied

[ myca_extensions ]
basicConstraints = critical,CA:TRUE
authorityInfoAccess = OCSP;URI:http://127.0.0.1:$p
EOF
149 |
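# Generate keys and requests for the test PKI.  Each command goes through
# the shell so that its output can be appended to openssl.out.
#
# NOTE(review): $d is interpolated into the command line unquoted, so
# this relies on the test directory path containing no whitespace or
# shell metacharacters.
#
# On failure the wait status ($?) is reported.  system() only sets $! when
# the command could not be started at all, so $! would show a stale,
# unrelated errno for an ordinary non-zero openssl exit.

# Self-signed root certificate with its key.
foreach my $name ('root') {
    system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: wait status $?\n";
}

# Key and certificate request for the intermediate CA and for the "end"
# certificate; the key type is whatever "openssl req" generates by default
# with the settings from openssl.conf.
foreach my $name ('int', 'end') {
    system("openssl req -new "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.csr -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: wait status $?\n";
}

# EC (prime256v1) key for "ec-end", followed by a request made with it.
foreach my $name ('ec-end') {
    system("openssl ecparam -genkey -out $d/$name.key -name prime256v1 "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create EC param: wait status $?\n";
    system("openssl req -new -key $d/$name.key "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.csr "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: wait status $?\n";
}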
176 |
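# Seed the CA state files named in ca.conf: the next serial number and an
# empty certificate database.
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');

# Sign the requests: root issues "int", and "int" issues both end-entity
# certificates.  The order is kept as int, ec-end, end because the serial
# file is advanced by each issuance and the serial of end.crt is read
# back further down.
#
# On failure the wait status ($?) is reported; $! is only meaningful when
# system() could not start the command at all.
foreach my $pair ([ 'root', 'int' ], [ 'int', 'ec-end' ], [ 'int', 'end' ]) {
    my ($issuer, $name) = @$pair;

    system("openssl ca -batch -config $d/ca.conf "
        . "-keyfile $d/$issuer.key -cert $d/$issuer.crt "
        . "-subj /CN=$name/ -in $d/$name.csr -out $d/$name.crt "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't sign certificate for $name: wait status $?\n";
}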
197 |
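# RFC 6960, serialNumber

# Have openssl print the serial of end.crt ("-serial" prints it in hex)
# into the file "serial".  On failure the wait status ($?) is reported,
# since $! is only set when system() could not start the command.
system("openssl x509 -in $d/end.crt -serial -noout "
    . ">>$d/serial 2>>$d/openssl.out") == 0
    or die "Can't obtain serial for end: wait status $?\n";

# DER encoding of the serial as an INTEGER: 0x0202 is tag 0x02 followed
# by length 0x02, then the value as one big-endian 16-bit word.
#
# The declaration is kept separate from the condition: "my ... if ..." has
# undefined behaviour in Perl.  $serial stays undef when no digits are
# found.
#
# NOTE(review): \d+ stops at the first hex letter, so this only works
# while the serial consists of decimal digits and fits in 16 bits; with
# certserial seeded at 1000 and three certificates issued that is
# presumably always the case here.
my $serial;
if ($t->read_file('serial') =~ /(\d+)/) {
    $serial = pack("n2", 0x0202, hex $1);
}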
205 |
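# Mark end.crt as revoked in the CA database (certindex, per ca.conf).
# ec-end.crt is not revoked, so the two pre-generated responses below
# should differ in certificate status.
#
# On failure the wait status ($?) is reported throughout this block; $!
# is only meaningful when system() could not start the command at all.
system("openssl ca -config $d/ca.conf -revoke $d/end.crt "
    . "-keyfile $d/root.key -cert $d/root.crt "
    . ">>$d/openssl.out 2>&1") == 0
    or die "Can't revoke end.crt: wait status $?\n";

# Build an OCSP request and a matching response, valid for one day, for
# end.crt and then for ec-end.crt.  The response files are the ones
# referenced by ssl_stapling_file in nginx.conf.
#
# NOTE(review): the responses are signed with the root key, while the
# certificates are issued by "int".  Root is neither the issuing CA nor a
# responder delegated by it, so a verifier accepts these responses only
# if it is configured to trust the root as a responder -- a test
# shortcut, not a model for a production responder.
foreach my $variant ([ '', '' ], [ 'ec-', 'EC ' ]) {
    my ($prefix, $label) = @$variant;

    system("openssl ocsp -issuer $d/int.crt -cert $d/${prefix}end.crt "
        . "-reqout $d/${prefix}req.der >>$d/openssl.out 2>&1") == 0
        or die "Can't create ${label}OCSP request: wait status $?\n";

    system("openssl ocsp -index $d/certindex -CA $d/int.crt "
        . "-rsigner $d/root.crt -rkey $d/root.key "
        . "-reqin $d/${prefix}req.der -respout $d/${prefix}resp.der -ndays 1 "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create ${label}OCSP response: wait status $?\n";
}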
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
230 |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
231 $t->write_file('trusted.crt', |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
232 $t->read_file('int.crt') . $t->read_file('root.crt')); |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
233 $t->write_file('end-int.crt', |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
234 $t->read_file('end.crt') . $t->read_file('int.crt')); |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
235 $t->write_file('ec-end-int.crt', |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
236 $t->read_file('ec-end.crt') . $t->read_file('int.crt')); |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
237 |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
238 $t->run_daemon(\&http_daemon, $t); |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
239 $t->run(); |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
240 |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
241 $t->waitforsocket("127.0.0.1:" . port(8081)); |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
242 |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
243 ############################################################################### |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
244 |
b82ed2061f65
Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
# Warm-up pass: one handshake per listener/key type, return values discarded.
# Presumably this makes nginx start fetching the OCSP responses it is expected
# to staple in the checked pass below; the server configuration is outside
# this section -- TODO confirm.

staple(8443, 'RSA');
staple(8443, 'ECDSA');
staple(8444, 'RSA');
staple(8444, 'ECDSA');
staple(8445, 'ECDSA');
staple(8446, 'ECDSA');
staple(8449, 'ECDSA');

# Fixed pause between the warm-up and the checked pass (presumably to let the
# fetches complete; a slow responder would make the checks below flaky).

sleep 1;

# staple() yields a false value when the handshake carried no stapled
# response, so every negated check asserts that nothing was stapled.

ok(!staple(8443, 'RSA'), 'staple revoked');

# The positive ECDSA checks are marked TODO only when nginx is built with
# LibreSSL and test_tls13() reports TLSv1.3.

TODO: {
local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
	if $t->has_module('LibreSSL') && test_tls13();

ok(staple(8443, 'ECDSA'), 'staple success');

}

ok(!staple(8444, 'RSA'), 'responder revoked');

TODO: {
local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
	if $t->has_module('LibreSSL') && test_tls13();

ok(staple(8444, 'ECDSA'), 'responder success');

}

ok(!staple(8445, 'ECDSA'), 'verify - root not trusted');

# Only this call hands the client a CA file (SSL_ca_file in staple()).

ok(staple(8446, 'ECDSA', "$d/int.crt"), 'cert store');

# Exact-value checks: the first field is 1 when a stapled response was
# present, the second is the statusType read from it.  Going by the test
# names, 1 is "revoked" and 0 is "good"; these two ports are not part of the
# warm-up pass, presumably because the response comes from a file.
# NOTE(review): 'file revoked' expects a revoked response to be stapled as-is,
# so the client is the one that has to act on the status -- confirm intent.

is(staple(8447, 'RSA'), '1 1', 'file revoked');
is(staple(8448, 'ECDSA'), '1 0', 'file success');

ok(!staple(8449, 'ECDSA'), 'ocsp error');

TODO: {
local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
	if $t->has_module('LibreSSL') && test_tls13();

# Passes only if grep prints nothing, i.e. error.log has no '[crit]' line.
# The test directory path is interpolated into a shell command unquoted, so
# a path with spaces or shell metacharacters would break this check.

like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');

}

###############################################################################

# Performs one TLS handshake against 127.0.0.1:port($port) and reports what
# the OCSP stapling callback observed.
#
#   $port    - logical port, mapped through port()
#   $ciphers - passed as SSL_cipher_list; also selects the signature
#              algorithms offered ('RSA', or e.g. 'ECDSA')
#   $ca      - optional CA file, passed as SSL_ca_file
#
# Returns the false value from http_get() when no connection was obtained,
# otherwise the callback's observations joined with spaces: the first field
# is 1 when a stapled response was present (empty when not), the second, if
# any, is the statusType of the first result in that response.
#
# NOTE(review): the callback only reads the status out of the response;
# Net::SSLeay::OCSP_response_verify is not called here.  That suits a test
# inspecting what the server sends, but is not a pattern for a real client.

sub staple {
	my ($port, $ciphers, $ca) = @_;
	my @seen;

	my $on_staple = sub {
		my ($sock, $ocsp) = @_;

		# Record presence first; without a response there is nothing
		# more to inspect and the handshake is allowed to continue.
		push @seen, !!$ocsp;
		if (!$ocsp) {
			return 1;
		}

		# Contrary to the documentation, IO::Socket::SSL calls the
		# SSL_ocsp_staple_callback with the socket, and not the
		# Net::SSLeay object.

		my $ssl = $sock->_get_ssl_object();
		my $cert = Net::SSLeay::get_peer_certificate($ssl);

		my $certid = eval { Net::SSLeay::OCSP_cert2ids($ssl, $cert) };
		die "no OCSP_CERTID for certificate: $@" unless $certid;

		my @results = Net::SSLeay::OCSP_response_results($ocsp, $certid);
		push @seen, $results[0]->[2]{'statusType'};
	};

	my $on_ctx = sub {
		my ($ctx) = @_;

		return unless defined $ciphers;

		# Skip libraries older than 0x1000200f and the value
		# 0x20000000 (the version number LibreSSL reports).
		my $version = Net::SSLeay::SSLeay();
		return if $version < 0x1000200f || $version == 0x20000000;

		my $sigalgs = $ciphers eq 'RSA'
			? 'RSA+SHA256:PSS+SHA256'
			: $ciphers . '+SHA256';

		# SSL_CTRL_SET_SIGALGS_LIST
		Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
			or die("Failed to set sigalgs");
	};

	my $s = http_get(
		'/',
		start => 1,
		PeerAddr => '127.0.0.1:' . port($port),
		SSL => 1,
		SSL_cipher_list => $ciphers,
		SSL_create_ctx_callback => $on_ctx,
		SSL_ocsp_staple_callback => $on_staple,
		SSL_ocsp_mode => IO::Socket::SSL::SSL_OCSP_TRY_STAPLE(),
		SSL_ca_file => $ca
	);

	if (!$s) {
		return $s;
	}

	return join ' ', @seen;
}
# Probe used to decide whether the LibreSSL TODO markers apply: true when the
# value returned by http_get() matches /TLSv1.3/.
#
# NOTE(review): the request passes start => 1, the option staple() also
# passes and whose result it treats as a handle ($s).  If http_get() returns
# a handle rather than response text here too, the match can never succeed
# and the TODO markers are never set -- confirm against Test::Nginx.  The
# '.' in the pattern is unescaped and matches any character.

sub test_tls13 {
	my $reply = http_get('/', start => 1, SSL => 1);
	return $reply =~ /TLSv1.3/;
}

###############################################################################

# Dummy OCSP responder for the tests: listens on 127.0.0.1:port(8081) and
# answers each request with one of two pre-generated DER responses.
#
# The request only selects between the fixed names 'resp' and 'ec-resp';
# nothing taken from the request is used to build the file path.  $serial and
# $d are file-level variables defined outside this sub.
#
# NOTE(review): reads from the client have no timeout, so a peer that
# connects and stays silent blocks the loop; acceptable for a loopback-only
# test helper.

sub http_daemon {
	my ($t) = @_;

	my $listener = IO::Socket::INET->new(
		Proto => 'tcp',
		LocalHost => "127.0.0.1:" . port(8081),
		Listen => 5,
		Reuse => 1
	)
		or die "Can't create listening socket: $!\n";

	local $SIG{PIPE} = 'IGNORE';

	while (my $client = $listener->accept()) {
		$client->autoflush(1);

		# Collect the request head up to and including the empty line.
		my $headers = '';
		while (<$client>) {
			$headers .= $_;
			last if (/^\x0d?\x0a?$/);
		}

		# Request target without its leading slash; skip the
		# connection when there is none.
		my ($uri) = $headers =~ /^\S+\s+\/([^ ]+)\s+HTTP/i;
		next unless $uri;

		# Percent-decode, then base64-decode the request carried in
		# the URI.
		$uri =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
		my $req = decode_base64($uri);

		# A request containing $serial past offset 0 gets resp.der,
		# anything else gets ec-resp.der.
		my $resp;
		if (index($req, $serial) > 0) {
			$resp = 'resp';
		}
		else {
			$resp = 'ec-resp';
		}

		# ocsp dummy handler

		# 20 ms pause before answering.
		select undef, undef, undef, 0.02;

		$headers = <<"EOF";
HTTP/1.1 200 OK
Connection: close
Content-Type: application/ocsp-response

EOF

		# Slurp the DER file in binary mode; $/ is restored when this
		# iteration ends.
		local $/;
		open my $fh, '<', "$d/$resp.der"
			or die "Can't open $resp.der: $!";
		binmode $fh;
		my $content = <$fh>;
		close $fh;

		print {$client} $headers . $content;
	}
}

###############################################################################