Mercurial > hg > nginx-tests
annotate stream_ssl_verify_client.t @ 1215:26884729e06b
Tests: cope with resolver resend in mail resolver tests.
Currently, if resolver didn't find PTR type in the answer section of PTR
response, it keeps the node in the resend queue until the next timer event.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 31 Aug 2017 19:09:04 +0300 |
parents | 8ef51dbb5d69 |
children | 0af58b78df35 |
rev | line source |
---|---|
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
2 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
4 # (C) Andrey Zelenkov |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
6 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
7 # Tests for stream ssl module, ssl_verify_client. |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
8 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
10 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
12 use strict; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
13 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
15 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
16 use Socket; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
17 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
19 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
22 use Test::Nginx::Stream qw/ stream /; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
23 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
24 ############################################################################### |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
25 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
26 select STDERR; $| = 1; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
27 select STDOUT; $| = 1; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
28 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
29 eval { |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
30 require Net::SSLeay; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
31 Net::SSLeay::load_error_strings(); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
32 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
33 Net::SSLeay::randomize(); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
34 }; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
35 plan(skip_all => 'Net::SSLeay not installed') if $@; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
36 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
37 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
38 ->has_daemon('openssl'); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
39 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
40 $t->write_file_expand('nginx.conf', <<'EOF'); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
41 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS%% |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
43 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
44 daemon off; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
45 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
46 events { |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
47 } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
48 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
49 stream { |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
50 log_format status $status; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
51 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
52 ssl_certificate_key 1.example.com.key; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
53 ssl_certificate 1.example.com.crt; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
54 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
55 server { |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
56 listen 127.0.0.1:8080; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
57 return $ssl_client_verify:$ssl_client_cert; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
58 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
59 ssl_verify_client on; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
60 ssl_client_certificate 2.example.com.crt; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
61 } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
62 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
63 server { |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
64 listen 127.0.0.1:8081 ssl; |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
65 return $ssl_client_verify:$ssl_client_cert; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
66 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
67 ssl_verify_client on; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
68 ssl_client_certificate 2.example.com.crt; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
69 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
70 access_log %%TESTDIR%%/status.log status; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
71 } |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
72 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
73 server { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
74 listen 127.0.0.1:8082 ssl; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
75 return $ssl_client_verify:$ssl_client_cert; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
76 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
77 ssl_verify_client optional; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
78 ssl_client_certificate 2.example.com.crt; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
79 ssl_trusted_certificate 3.example.com.crt; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
80 } |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
81 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
82 server { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
83 listen 127.0.0.1:8083 ssl; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
84 return $ssl_client_verify:$ssl_client_cert; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
85 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
86 ssl_verify_client optional_no_ca; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
87 ssl_client_certificate 2.example.com.crt; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
88 } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
89 } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
90 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
91 EOF |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
92 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
93 $t->write_file('openssl.conf', <<EOF); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
94 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1114
diff
changeset
|
95 default_bits = 1024 |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
96 encrypt_key = no |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
97 distinguished_name = req_distinguished_name |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
99 EOF |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
100 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
101 my $d = $t->testdir(); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
102 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
103 foreach my $name ('1.example.com', '2.example.com', '3.example.com') { |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
104 system('openssl req -x509 -new ' |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
105 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
106 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
107 . ">>$d/openssl.out 2>&1") == 0 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
108 or die "Can't create certificate for $name: $!\n"; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
109 } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
110 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
111 $t->try_run('no ssl_verify_client')->plan(10); |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
112 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
113 ############################################################################### |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
114 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
115 TODO: { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
116 todo_skip 'leaves coredump', 1 unless $t->has_version('1.11.9'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
117 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
118 is(stream()->read(), ':', 'plain connection'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
119 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
120 } |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
121 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
122 TODO: { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
123 local $TODO = 'fails on one-pass ngx_ssl_handshake' |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
124 unless $t->has_version('1.11.9'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
125 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
126 is(get(8081), '', 'no cert'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
127 is(get(8082, '1.example.com'), '', 'bad optional cert'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
128 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
129 } |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
130 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
131 is(get(8082), 'NONE:', 'no optional cert'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
132 like(get(8083, '1.example.com'), qr/FAILED.*BEGIN/, 'bad optional_no_ca cert'); |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
133 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
134 like(get(8081, '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
135 like(get(8082, '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert optional'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
136 like(get(8082, '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
137 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
138 SKIP: { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
139 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
140 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
141 my $ca = join ' ', get(8082, '3.example.com'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
142 is($ca, '/CN=2.example.com', 'no trusted sent'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
143 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
144 } |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
145 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
146 TODO: { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
147 local $TODO = 'not yet, see above' unless $t->has_version('1.11.9'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
148 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
149 $t->stop(); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
150 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
151 is($t->read_file('status.log'), "500\n200\n", 'log'); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
152 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
153 } |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
154 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
155 ############################################################################### |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
156 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
157 sub get { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
158 my ($port, $cert) = @_; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
159 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
160 my $dest_ip = inet_aton('127.0.0.1'); |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
161 my $dest_serv_params = sockaddr_in(port($port), $dest_ip); |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
162 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
163 socket(my $s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
164 connect($s, $dest_serv_params) or die "connect: $!"; |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
165 |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
166 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
167 Net::SSLeay::set_cert_and_key($ctx, "$d/$cert.crt", "$d/$cert.key") |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
168 or die if $cert; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
169 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
170 Net::SSLeay::set_fd($ssl, fileno($s)); |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
171 Net::SSLeay::connect($ssl) or die("ssl connect"); |
1114
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
172 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
173 my $buf = Net::SSLeay::read($ssl); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
174 log_in($buf); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
175 return $buf unless wantarray(); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
176 |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
177 my $list = Net::SSLeay::get_client_CA_list($ssl); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
178 my @names; |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
179 for my $i (0 .. Net::SSLeay::sk_X509_NAME_num($list) - 1) { |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
180 my $name = Net::SSLeay::sk_X509_NAME_value($list, $i); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
181 push @names, Net::SSLeay::X509_NAME_oneline($name); |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
182 } |
c5df4742ad40
Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1104
diff
changeset
|
183 return @names; |
1104
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
184 } |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
185 |
b3d5a2f8a00b
Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
186 ############################################################################### |