Mercurial > hg > nginx-tests

annotate uwsgi_ssl_verify.t @ 1943:1786f49cca17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: fixed spurious http_resolver_ipv4.t failures. Previously, to get resolved addresses, the test relied on cached random rotation in resolver, such that a chosen address is eventually changed, which may not happen after several client requests. For this reason, the test is rewritten to get all addresses by switching to the next upstream.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 22 Jan 2024 14:11:12 +0400
parents 1b9f21836f57
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1688
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Maxim Dounin
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Sergey Kandaurov
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5 # (C) Nginx, Inc.
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 # Tests for uwsgi backend with SSL, backend certificate verification.
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 ###############################################################################
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use warnings;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12 use strict;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 use Test::More;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use lib 'lib';
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 ###############################################################################
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDERR; $| = 1;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDOUT; $| = 1;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 my $t = Test::Nginx->new()->has(qw/http http_ssl uwsgi/)
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(6)
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 ->write_file_expand('nginx.conf', <<'EOF');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 %%TEST_GLOBALS%%
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32 daemon off;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 events {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 http {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 %%TEST_GLOBALS_HTTP%%
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 server {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41 listen 127.0.0.1:8080;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 server_name localhost;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 location /verify {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 uwsgi_pass suwsgi://127.0.0.1:8081;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 uwsgi_ssl_name example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 location /wildcard {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 uwsgi_pass suwsgi://127.0.0.1:8081;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 uwsgi_ssl_name foo.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 location /fail {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 uwsgi_pass suwsgi://127.0.0.1:8081;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 uwsgi_ssl_name no.match.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 location /cn {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 uwsgi_pass suwsgi://127.0.0.1:8082;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 uwsgi_ssl_name 2.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 uwsgi_ssl_trusted_certificate 2.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 location /cn/fail {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 uwsgi_pass suwsgi://127.0.0.1:8082;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 uwsgi_ssl_name bad.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 uwsgi_ssl_trusted_certificate 2.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 location /untrusted {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 uwsgi_pass suwsgi://127.0.0.1:8082;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 uwsgi_ssl_session_reuse off;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 EOF
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 $t->write_file('openssl.1.example.com.conf', <<EOF);
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 [ req ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 prompt = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 default_bits = 2048
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 encrypt_key = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 distinguished_name = req_distinguished_name
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 x509_extensions = v3_req
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 [ req_distinguished_name ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 commonName=no.match.example.com
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 [ v3_req ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 subjectAltName = DNS:example.com,DNS:*.example.com
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 EOF
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 $t->write_file('openssl.2.example.com.conf', <<EOF);
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 [ req ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 prompt = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 default_bits = 2048
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 encrypt_key = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 distinguished_name = req_distinguished_name
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 [ req_distinguished_name ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 commonName=2.example.com
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 EOF
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 my $d = $t->testdir();
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117 my $crt1 = "$d/1.example.com.crt";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 my $crt2 = "$d/2.example.com.crt";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 my $key1 = "$d/1.example.com.key";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 my $key2 = "$d/2.example.com.key";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 foreach my $name ('1.example.com', '2.example.com') {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 system('openssl req -x509 -new '
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 . "-config $d/openssl.$name.conf "
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125 . "-out $d/$name.crt -keyout $d/$name.key "
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 . ">>$d/openssl.out 2>&1") == 0
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 or die "Can't create certificate for $name: $!\n";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 $t->write_file('uwsgi_test_app.py', <<END);
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 def application(env, start_response):
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 start_response('200 OK', [('Content-Type','text/plain')])
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134 return b"SEE-THIS"
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136 END
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 my $uwsgihelp = `uwsgi -h`;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139 my @uwsgiopts = ();
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141 if ($uwsgihelp !~ /--wsgi-file/) {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 # uwsgi has no python support, maybe plugin load is necessary
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143 push @uwsgiopts, '--plugin', 'python';
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
144 push @uwsgiopts, '--plugin', 'python3';
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
145 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146
1923
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
147 if ($uwsgihelp =~ /--ssl-enable-tlsv1/) {
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
148 # uwsgi disables TLSv1 by default since 2.0.17.1
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
149 push @uwsgiopts, '--ssl-enable-tlsv1';
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
150 }
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
151
1688
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
152 open OLDERR, ">&", \*STDERR; close STDERR;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
153 $t->run_daemon('uwsgi', @uwsgiopts,
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
154 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt1,$key1",
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155 '--wsgi-file', $d . '/uwsgi_test_app.py',
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
156 '--logto', $d . '/uwsgi_log');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
157 $t->run_daemon('uwsgi', @uwsgiopts,
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
158 '--ssl-socket', '127.0.0.1:' . port(8082) . ",$crt2,$key2",
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
159 '--wsgi-file', $d . '/uwsgi_test_app.py',
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
160 '--logto', $d . '/uwsgi_log');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
161 open STDERR, ">&", \*OLDERR;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
162
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
163 $t->run();
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
164
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
165 $t->waitforsocket('127.0.0.1:' . port(8081))
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
166 or die "Can't start uwsgi";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
167 $t->waitforsocket('127.0.0.1:' . port(8082))
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
168 or die "Can't start uwsgi";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
169
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
170 ###############################################################################
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
171
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
172 # subjectAltName
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
173
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
174 like(http_get('/verify'), qr/200 OK/ms, 'verify');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
175 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
176 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
177
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
178 # commonName
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
179
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
180 like(http_get('/cn'), qr/200 OK/ms, 'verify cn');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
181 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
182
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
183 # untrusted
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
184
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
185 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
186
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
187 ###############################################################################