Mercurial > hg > nginx-tests
annotate ssl.t @ 1825:3629eda94c1b
Tests: handling of EWOULDBLOCK from sysread() with IO::Socket::SSL.
With IO::Socket::SSL, when select() reports that the socket is readable,
reading from it might still fail with EWOULDBLOCK, since no application
data is available in the socket. In particular, this might happen with
TLSv1.3 when a session ticket is received after the handshake. Fix is
to explicitly check for EWOULDBLOCK errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 21 Mar 2023 02:57:39 +0300 |
parents | 84b6bb8d74e5 |
children | a78c32419f02 |
rev | line source |
---|---|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
4 # (C) Andrey Zelenkov |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for http ssl module. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
16 use Socket qw/ CRLF /; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
17 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDERR; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDOUT; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
28 eval { require IO::Socket::SSL; }; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
31 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/) |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
34 ->has_daemon('openssl')->plan(28); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
36 $t->write_file_expand('nginx.conf', <<'EOF'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 daemon off; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 events { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 http { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS_HTTP%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
48 ssl_certificate_key localhost.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
49 ssl_certificate localhost.crt; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
50 ssl_session_tickets off; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
51 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
52 log_format ssl $ssl_protocol; |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
53 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
55 listen 127.0.0.1:8085 ssl; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
56 listen 127.0.0.1:8080; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 server_name localhost; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
59 ssl_certificate_key inner.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
60 ssl_certificate inner.crt; |
503
071e8941e3bf
Tests: reduce shared memory zone sizes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
430
diff
changeset
|
61 ssl_session_cache shared:SSL:1m; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
62 ssl_verify_client optional_no_ca; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
64 keepalive_requests 1000; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
65 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
66 location / { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 return 200 "body $ssl_session_reused"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 location /id { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 return 200 "body $ssl_session_id"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
72 location /cipher { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
73 return 200 "body $ssl_cipher"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
74 } |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
75 location /ciphers { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
76 return 200 "body $ssl_ciphers"; |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
77 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
78 location /client_verify { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
79 return 200 "body $ssl_client_verify"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
80 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
81 location /protocol { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
82 return 200 "body $ssl_protocol"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
83 } |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
84 location /issuer { |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
85 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
86 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
87 location /subject { |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
88 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
89 } |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
90 location /time { |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
91 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
92 } |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
93 |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
94 location /body { |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
95 add_header X-Body $request_body always; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
96 proxy_pass http://127.0.0.1:8080/; |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
97 |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
98 access_log %%TESTDIR%%/ssl.log ssl; |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
99 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
100 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
101 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
102 server { |
1276 | 103 listen 127.0.0.1:8081; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
104 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
105 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
106 # Special case for enabled "ssl" directive. |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
107 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
108 ssl on; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
109 ssl_session_cache builtin; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
110 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
111 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
112 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
113 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
114 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
115 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
116 server { |
1276 | 117 listen 127.0.0.1:8082 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
118 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
119 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
120 ssl_session_cache builtin:1000; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
121 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
122 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
123 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
124 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
125 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
126 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
127 server { |
1276 | 128 listen 127.0.0.1:8083 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
129 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
130 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
131 ssl_session_cache none; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
132 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
133 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
134 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
135 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
136 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
137 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
138 server { |
1276 | 139 listen 127.0.0.1:8084 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
140 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
141 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
142 ssl_session_cache off; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
143 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
144 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
145 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
146 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 } |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
148 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
149 server { |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
150 listen 127.0.0.1:8086 ssl; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
151 server_name localhost; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
152 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
153 ssl_session_cache shared:SSL:1m; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
154 ssl_session_timeout 1; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
155 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
156 location / { |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
157 return 200 "body $ssl_session_reused"; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
158 } |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
159 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 $t->write_file('openssl.conf', <<EOF); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
166 default_bits = 2048 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 encrypt_key = no |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 distinguished_name = req_distinguished_name |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 [ req_distinguished_name ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 my $d = $t->testdir(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
174 $t->write_file('ca.conf', <<EOF); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
175 [ ca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
176 default_ca = myca |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
177 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
178 [ myca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
179 new_certs_dir = $d |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
180 database = $d/certindex |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
181 default_md = sha256 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
182 policy = myca_policy |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
183 serial = $d/certserial |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
184 default_days = 3 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
185 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
186 [ myca_policy ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
187 commonName = supplied |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
188 EOF |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
189 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
190 $t->write_file('certserial', '1000'); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
191 $t->write_file('certindex', ''); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
192 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
193 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
194 . "-config $d/openssl.conf -subj /CN=issuer/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
195 . "-out $d/issuer.crt -keyout $d/issuer.key " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
196 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
197 or die "Can't create certificate for issuer: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
198 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
199 system("openssl req -new " |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
200 . "-config $d/openssl.conf -subj /CN=subject/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
201 . "-out $d/subject.csr -keyout $d/subject.key " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
202 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
203 or die "Can't create certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
204 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
205 system("openssl ca -batch -config $d/ca.conf " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
206 . "-keyfile $d/issuer.key -cert $d/issuer.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
207 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
208 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
209 or die "Can't sign certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
210 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
211 foreach my $name ('localhost', 'inner') { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
212 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
213 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
214 . "-out $d/$name.crt -keyout $d/$name.key " |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 . ">>$d/openssl.out 2>&1") == 0 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 or die "Can't create certificate for $name: $!\n"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
217 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
218 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
219 # suppress deprecation warning |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
220 |
1324
918bf90466e0
Tests: hide startup warnings about deprecated ssl.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1276
diff
changeset
|
221 open OLDERR, ">&", \*STDERR; close STDERR; |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
222 $t->run(); |
1324
918bf90466e0
Tests: hide startup warnings about deprecated ssl.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1276
diff
changeset
|
223 open STDERR, ">&", \*OLDERR; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
226 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
227 my $ctx; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
228 |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
229 SKIP: { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
230 skip 'no TLS 1.3 sessions', 6 if get('/protocol', 8085) =~ /TLSv1.3/ |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
231 && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061); |
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
232 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
233 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
234 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
235 like(get('/', 8085, $ctx), qr/^body \.$/m, 'cache shared'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
236 like(get('/', 8085, $ctx), qr/^body r$/m, 'cache shared reused'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
237 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
238 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
239 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
240 like(get('/', 8081, $ctx), qr/^body \.$/m, 'cache builtin'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
241 like(get('/', 8081, $ctx), qr/^body r$/m, 'cache builtin reused'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
242 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
243 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
244 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
245 like(get('/', 8082, $ctx), qr/^body \.$/m, 'cache builtin size'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
246 like(get('/', 8082, $ctx), qr/^body r$/m, 'cache builtin size reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
247 |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
248 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
249 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
250 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
251 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
252 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
253 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none not reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
254 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
255 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
256 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
257 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
258 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off not reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
259 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
260 # ssl certificate inheritance |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
261 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
262 my $s = get_ssl_socket(8081); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
263 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
264 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
265 $s->close(); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
266 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
267 $s = get_ssl_socket(8085); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
268 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
269 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
270 $s->close(); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
271 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
272 # session timeout |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
273 |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
274 $ctx = get_ssl_context(); |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
275 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
276 get('/', 8086, $ctx); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
277 select undef, undef, undef, 2.1; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
278 |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
279 like(get('/', 8086, $ctx), qr/^body \.$/m, 'session timeout'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
280 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
281 # embedded variables |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
282 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
283 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
284 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
285 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
286 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
287 SKIP: { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
288 skip 'BoringSSL', 1 if $t->has_module('BoringSSL'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
289 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
290 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
291 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
292 } |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
293 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
294 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
295 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
296 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
297 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
298 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
299 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
300 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
301 |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
302 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/, |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
303 'request body chunked'); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
304 |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
305 # pipelined requests |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
306 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
307 $s = get_ssl_socket(8085); |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
308 my $req = <<EOF; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
309 GET / HTTP/1.1 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
310 Host: localhost |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
311 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
312 EOF |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
313 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
314 $req x= 1000; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
315 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
316 my $r = http($req, socket => $s) || ""; |
1820
84b6bb8d74e5
Tests: speedup lingering close with request pipelining.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1748
diff
changeset
|
317 $s = undef; |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
318 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests'); |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
319 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
320 # OpenSSL 3.0 error "unexpected eof while reading" seen as a critical error |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
321 |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
322 ok(get_ssl_socket(8085), 'ssl unexpected eof'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
323 |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
324 # close_notify is sent before lingering close |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
325 |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
326 is(get_ssl_shutdown(8085), 1, 'ssl shutdown on lingering close'); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
327 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
328 $t->stop(); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
329 |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
330 like($t->read_file('ssl.log'), qr/^(TLS|SSL)v(\d|\.)+$/m, |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
331 'log ssl variable on lingering close'); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
332 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
333 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
334 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
335 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
336 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
337 sub get { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
338 my ($uri, $port, $ctx) = @_; |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
339 my $s = get_ssl_socket($port, $ctx) or return; |
1132
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
340 my $r = http_get($uri, socket => $s); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
341 $s->close(); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
342 return $r; |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
343 } |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
344 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
345 sub get_body { |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
346 my ($uri, $body, $len, $n) = @_; |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
347 my $s = get_ssl_socket(8085) or return; |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
348 http("GET /body HTTP/1.1" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
349 . "Host: localhost" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
350 . "Connection: close" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
351 . "Transfer-Encoding: chunked" . CRLF . CRLF, |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
352 socket => $s, start => 1); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
353 my $chs = unpack("H*", pack("C", length($body) * $len)); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
354 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
355 for 1 .. $n; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
356 my $r = http("0" . CRLF . CRLF, socket => $s); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
357 $s->close(); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
358 return $r; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
359 } |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
360 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
361 sub cert { |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
362 my ($uri, $port) = @_; |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
363 my $s = get_ssl_socket($port, undef, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
364 SSL_cert_file => "$d/subject.crt", |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
365 SSL_key_file => "$d/subject.key") or return; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
366 http_get($uri, socket => $s); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
367 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
368 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
369 sub get_ssl_context { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
370 return IO::Socket::SSL::SSL_Context->new( |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
371 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
372 SSL_session_cache_size => 100 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
373 ); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
374 } |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
375 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
376 sub get_ssl_socket { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
377 my ($port, $ctx, %extra) = @_; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
378 my $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
379 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
380 eval { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
381 local $SIG{ALRM} = sub { die "timeout\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
382 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
383 alarm(8); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
384 $s = IO::Socket::SSL->new( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
385 Proto => 'tcp', |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
386 PeerAddr => '127.0.0.1', |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
387 PeerPort => port($port), |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
388 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
389 SSL_reuse_ctx => $ctx, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
390 SSL_error_trap => sub { die $_[1] }, |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
391 %extra |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
392 ); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
393 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
394 }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
395 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
396 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
397 if ($@) { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
398 log_in("died: $@"); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
399 return undef; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
400 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
401 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
402 return $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
403 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
404 |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
405 sub get_ssl_shutdown { |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
406 my ($port) = @_; |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
407 |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
408 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
409 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
410 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
411 Net::SSLeay::set_fd($ssl, fileno($s)); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
412 Net::SSLeay::connect($ssl) or die("ssl connect"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
413 Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra'); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
414 Net::SSLeay::read($ssl); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
415 Net::SSLeay::set_shutdown($ssl, 1); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
416 Net::SSLeay::shutdown($ssl); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
417 } |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
418 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
419 ############################################################################### |