nginx-tests: ssl.t annotate

annotate ssl.t @ 1825:3629eda94c1b

Tests: handling of EWOULDBLOCK from sysread() with IO::Socket::SSL. With IO::Socket::SSL, when select() reports that the socket is readable, reading from it might still fail with EWOULDBLOCK, since no application data is available in the socket. In particular, this might happen with TLSv1.3 when a session ticket is received after the handshake. Fix is to explicitly check for EWOULDBLOCK errors.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Tue, 21 Mar 2023 02:57:39 +0300
parents	84b6bb8d74e5
children	a78c32419f02

rev	line source
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	1 #!/usr/bin/perl
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	2
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	3 # (C) Sergey Kandaurov
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	4 # (C) Andrey Zelenkov
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	5 # (C) Nginx, Inc.
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	6
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	7 # Tests for http ssl module.
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	8
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	9 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	10
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	11 use warnings;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	12 use strict;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	13
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	14 use Test::More;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	15
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	16 use Socket qw/ CRLF /;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	17
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	18 BEGIN { use FindBin; chdir($FindBin::Bin); }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	19
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	20 use lib 'lib';
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	21 use Test::Nginx;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	22
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	23 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	24
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	25 select STDERR; $\| = 1;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	26 select STDOUT; $\| = 1;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	27
430 a82b02635614 Tests: skip ssl tests with ancient IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 397 diff changeset	28 eval { require IO::Socket::SSL; };
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	29 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
430 a82b02635614 Tests: skip ssl tests with ancient IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 397 diff changeset	30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
a82b02635614 Tests: skip ssl tests with ancient IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 397 diff changeset	31 plan(skip_all => 'IO::Socket::SSL too old') if $@;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	32
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
1723 3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	34 ->has_daemon('openssl')->plan(28);
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	35
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	36 $t->write_file_expand('nginx.conf', <<'EOF');
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	37
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	38 %%TEST_GLOBALS%%
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	39
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	40 daemon off;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	41
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	42 events {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	43 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	44
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	45 http {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	46 %%TEST_GLOBALS_HTTP%%
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	47
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	48 ssl_certificate_key localhost.key;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	49 ssl_certificate localhost.crt;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	50 ssl_session_tickets off;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	51
1675 0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	52 log_format ssl $ssl_protocol;
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	53
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	54 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	55 listen 127.0.0.1:8085 ssl;
882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	56 listen 127.0.0.1:8080;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	57 server_name localhost;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	58
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	59 ssl_certificate_key inner.key;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	60 ssl_certificate inner.crt;
503 071e8941e3bf Tests: reduce shared memory zone sizes. Maxim Dounin <mdounin@mdounin.ru> parents: 430 diff changeset	61 ssl_session_cache shared:SSL:1m;
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	62 ssl_verify_client optional_no_ca;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	63
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	64 keepalive_requests 1000;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	65
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	66 location / {
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	67 return 200 "body $ssl_session_reused";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	68 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	69 location /id {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	70 return 200 "body $ssl_session_id";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	71 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	72 location /cipher {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	73 return 200 "body $ssl_cipher";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	74 }
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	75 location /ciphers {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	76 return 200 "body $ssl_ciphers";
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	77 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	78 location /client_verify {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	79 return 200 "body $ssl_client_verify";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	80 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	81 location /protocol {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	82 return 200 "body $ssl_protocol";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	83 }
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	84 location /issuer {
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	85 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy";
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	86 }
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	87 location /subject {
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	88 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy";
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	89 }
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	90 location /time {
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	91 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
1094 dd8f126afa32 Tests: client certificate time variables tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 1093 diff changeset	92 }
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	93
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	94 location /body {
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	95 add_header X-Body $request_body always;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	96 proxy_pass http://127.0.0.1:8080/;
1675 0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	97
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	98 access_log %%TESTDIR%%/ssl.log ssl;
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	99 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	100 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	101
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	102 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	103 listen 127.0.0.1:8081;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	104 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	105
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	106 # Special case for enabled "ssl" directive.
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	107
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	108 ssl on;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	109 ssl_session_cache builtin;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	110
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	111 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	112 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	113 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	114 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	115
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	116 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	117 listen 127.0.0.1:8082 ssl;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	118 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	119
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	120 ssl_session_cache builtin:1000;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	121
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	122 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	123 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	124 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	125 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	126
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	127 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	128 listen 127.0.0.1:8083 ssl;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	129 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	130
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	131 ssl_session_cache none;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	132
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	133 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	134 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	135 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	136 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	137
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	138 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	139 listen 127.0.0.1:8084 ssl;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	140 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	141
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	142 ssl_session_cache off;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	143
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	144 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	145 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	146 }
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	147 }
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	148
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	149 server {
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	150 listen 127.0.0.1:8086 ssl;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	151 server_name localhost;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	152
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	153 ssl_session_cache shared:SSL:1m;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	154 ssl_session_timeout 1;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	155
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	156 location / {
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	157 return 200 "body $ssl_session_reused";
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	158 }
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	159 }
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	160 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	161
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	162 EOF
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	163
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	164 $t->write_file('openssl.conf', <<EOF);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	165 [ req ]
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1478 diff changeset	166 default_bits = 2048
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	167 encrypt_key = no
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	168 distinguished_name = req_distinguished_name
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	169 [ req_distinguished_name ]
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	170 EOF
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	171
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	172 my $d = $t->testdir();
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	173
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	174 $t->write_file('ca.conf', <<EOF);
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	175 [ ca ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	176 default_ca = myca
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	177
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	178 [ myca ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	179 new_certs_dir = $d
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	180 database = $d/certindex
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1478 diff changeset	181 default_md = sha256
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	182 policy = myca_policy
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	183 serial = $d/certserial
1094 dd8f126afa32 Tests: client certificate time variables tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 1093 diff changeset	184 default_days = 3
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	185
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	186 [ myca_policy ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	187 commonName = supplied
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	188 EOF
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	189
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	190 $t->write_file('certserial', '1000');
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	191 $t->write_file('certindex', '');
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	192
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	193 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	194 . "-config $d/openssl.conf -subj /CN=issuer/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	195 . "-out $d/issuer.crt -keyout $d/issuer.key "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	196 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	197 or die "Can't create certificate for issuer: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	198
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	199 system("openssl req -new "
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	200 . "-config $d/openssl.conf -subj /CN=subject/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	201 . "-out $d/subject.csr -keyout $d/subject.key "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	202 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	203 or die "Can't create certificate for subject: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	204
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	205 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	206 . "-keyfile $d/issuer.key -cert $d/issuer.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	207 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	208 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	209 or die "Can't sign certificate for subject: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	210
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	211 foreach my $name ('localhost', 'inner') {
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	212 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	213 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	214 . "-out $d/$name.crt -keyout $d/$name.key "
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	215 . ">>$d/openssl.out 2>&1") == 0
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	216 or die "Can't create certificate for $name: $!\n";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	217 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	218
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	219 # suppress deprecation warning
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	220
1324 918bf90466e0 Tests: hide startup warnings about deprecated ssl. Sergey Kandaurov <pluknet@nginx.com> parents: 1276 diff changeset	221 open OLDERR, ">&", \*STDERR; close STDERR;
1139 e7e968e3eb74 Tests: split ssl.t to run relevant tests on stable versions again. Sergey Kandaurov <pluknet@nginx.com> parents: 1132 diff changeset	222 $t->run();
1324 918bf90466e0 Tests: hide startup warnings about deprecated ssl. Sergey Kandaurov <pluknet@nginx.com> parents: 1276 diff changeset	223 open STDERR, ">&", \*OLDERR;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	224
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	225 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	226
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	227 my $ctx;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	228
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	229 SKIP: {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	230 skip 'no TLS 1.3 sessions', 6 if get('/protocol', 8085) =~ /TLSv1.3/
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	231 && ($Net::SSLeay::VERSION < 1.88 \|\| $IO::Socket::SSL::VERSION < 2.061);
f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	232
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	233 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	234
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	235 like(get('/', 8085, $ctx), qr/^body \.$/m, 'cache shared');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	236 like(get('/', 8085, $ctx), qr/^body r$/m, 'cache shared reused');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	237
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	238 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	239
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	240 like(get('/', 8081, $ctx), qr/^body \.$/m, 'cache builtin');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	241 like(get('/', 8081, $ctx), qr/^body r$/m, 'cache builtin reused');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	242
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	243 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	244
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	245 like(get('/', 8082, $ctx), qr/^body \.$/m, 'cache builtin size');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	246 like(get('/', 8082, $ctx), qr/^body r$/m, 'cache builtin size reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	247
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	248 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	249
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	250 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	251
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	252 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	253 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none not reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	254
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	255 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	256
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	257 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	258 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off not reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	259
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	260 # ssl certificate inheritance
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	261
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	262 my $s = get_ssl_socket(8081);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	263 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	264
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	265 $s->close();
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	266
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	267 $s = get_ssl_socket(8085);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	268 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner');
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	269
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	270 $s->close();
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	271
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	272 # session timeout
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	273
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	274 $ctx = get_ssl_context();
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	275
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	276 get('/', 8086, $ctx);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	277 select undef, undef, undef, 2.1;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	278
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	279 like(get('/', 8086, $ctx), qr/^body \.$/m, 'session timeout');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	280
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	281 # embedded variables
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	282
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	283 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id');
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	284 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	285 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	286
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	287 SKIP: {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	288 skip 'BoringSSL', 1 if $t->has_module('BoringSSL');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	289
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	290 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	291
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	292 }
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	293
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	294 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify');
4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	295 like(get('/protocol', 8085), qr/^body (TLS\|SSL)v(\d\|\.)+$/m, 'protocol');
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	296 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer');
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	297 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject');
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	298 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
1139 e7e968e3eb74 Tests: split ssl.t to run relevant tests on stable versions again. Sergey Kandaurov <pluknet@nginx.com> parents: 1132 diff changeset	299
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	300 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	301
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	302 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/,
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	303 'request body chunked');
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	304
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	305 # pipelined requests
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	306
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	307 $s = get_ssl_socket(8085);
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	308 my $req = <<EOF;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	309 GET / HTTP/1.1
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	310 Host: localhost
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	311
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	312 EOF
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	313
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	314 $req x= 1000;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	315
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	316 my $r = http($req, socket => $s) \|\| "";
1820 84b6bb8d74e5 Tests: speedup lingering close with request pipelining. Sergey Kandaurov <pluknet@nginx.com> parents: 1748 diff changeset	317 $s = undef;
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	318 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests');
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	319
1723 3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	320 # OpenSSL 3.0 error "unexpected eof while reading" seen as a critical error
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	321
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	322 ok(get_ssl_socket(8085), 'ssl unexpected eof');
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	323
1608 2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	324 # close_notify is sent before lingering close
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	325
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	326 is(get_ssl_shutdown(8085), 1, 'ssl shutdown on lingering close');
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	327
1675 0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	328 $t->stop();
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	329
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	330 like($t->read_file('ssl.log'), qr/^(TLS\|SSL)v(\d\|\.)+$/m,
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	331 'log ssl variable on lingering close');
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	332
1723 3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	333 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	334
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	335 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	336
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	337 sub get {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	338 my ($uri, $port, $ctx) = @_;
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	339 my $s = get_ssl_socket($port, $ctx) or return;
1132 3d312b6a1a19 Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	340 my $r = http_get($uri, socket => $s);
3d312b6a1a19 Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	341 $s->close();
3d312b6a1a19 Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	342 return $r;
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	343 }
4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	344
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	345 sub get_body {
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	346 my ($uri, $body, $len, $n) = @_;
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	347 my $s = get_ssl_socket(8085) or return;
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	348 http("GET /body HTTP/1.1" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	349 . "Host: localhost" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	350 . "Connection: close" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	351 . "Transfer-Encoding: chunked" . CRLF . CRLF,
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	352 socket => $s, start => 1);
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	353 my $chs = unpack("H", pack("C", length($body) $len));
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	354 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1)
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	355 for 1 .. $n;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	356 my $r = http("0" . CRLF . CRLF, socket => $s);
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	357 $s->close();
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	358 return $r;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	359 }
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	360
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	361 sub cert {
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	362 my ($uri, $port) = @_;
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	363 my $s = get_ssl_socket($port, undef,
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	364 SSL_cert_file => "$d/subject.crt",
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	365 SSL_key_file => "$d/subject.key") or return;
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	366 http_get($uri, socket => $s);
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	367 }
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	368
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	369 sub get_ssl_context {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	370 return IO::Socket::SSL::SSL_Context->new(
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	371 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	372 SSL_session_cache_size => 100
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	373 );
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	374 }
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	375
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	376 sub get_ssl_socket {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	377 my ($port, $ctx, %extra) = @_;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	378 my $s;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	379
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	380 eval {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	381 local $SIG{ALRM} = sub { die "timeout\n" };
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	382 local $SIG{PIPE} = sub { die "sigpipe\n" };
1421 4e48bf51714f Tests: aligned various generic read timeouts to http_end(). Sergey Kandaurov <pluknet@nginx.com> parents: 1407 diff changeset	383 alarm(8);
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	384 $s = IO::Socket::SSL->new(
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	385 Proto => 'tcp',
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	386 PeerAddr => '127.0.0.1',
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	387 PeerPort => port($port),
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	388 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	389 SSL_reuse_ctx => $ctx,
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	390 SSL_error_trap => sub { die $_[1] },
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	391 %extra
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	392 );
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	393 alarm(0);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	394 };
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	395 alarm(0);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	396
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	397 if ($@) {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	398 log_in("died: $@");
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	399 return undef;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	400 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	401
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	402 return $s;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	403 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	404
1608 2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	405 sub get_ssl_shutdown {
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	406 my ($port) = @_;
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	407
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	408 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	409 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	410 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	411 Net::SSLeay::set_fd($ssl, fileno($s));
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	412 Net::SSLeay::connect($ssl) or die("ssl connect");
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	413 Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra');
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	414 Net::SSLeay::read($ssl);
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	415 Net::SSLeay::set_shutdown($ssl, 1);
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	416 Net::SSLeay::shutdown($ssl);
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	417 }
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	418
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	419 ###############################################################################

Mercurial > hg > nginx-tests

annotate ssl.t @ 1825:3629eda94c1b