Mercurial > hg > nginx-tests

annotate ssl_certificate_chain.t @ 1969:3ba1668cea87

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: adjusted stream_ssl_alpn.t to handle old SSL libraries. The "ssl_alpn" directive of the stream module requires an SSL library with ALPN support, and startup fails if the directive is used in the configuration but ALPN support is not available (notably, with OpenSSL before 1.0.2). Restored try_run() to skip the test in this case.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 06 May 2024 00:03:01 +0300
parents 0b5ec15c62ed
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for http ssl module with certificate chain.
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 use lib 'lib';
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use Test::Nginx;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 select STDERR; $| = 1;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDOUT; $| = 1;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
1858
cdcd75657e52 Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1815
diff changeset
25 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 ->has_daemon('openssl')->plan(3);
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 $t->write_file_expand('nginx.conf', <<'EOF');
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 %%TEST_GLOBALS%%
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32 daemon off;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 events {
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 http {
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 %%TEST_GLOBALS_HTTP%%
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
41 listen 127.0.0.1:8080 ssl;
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 ssl_certificate_key end.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 ssl_certificate end.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
49 listen 127.0.0.1:8081 ssl;
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 ssl_certificate_key int.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 ssl_certificate int.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
57 listen 127.0.0.1:8082 ssl;
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 ssl_certificate_key end.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 ssl_certificate end-int.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 my $d = $t->testdir();
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 $t->write_file('openssl.conf', <<EOF);
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
71 default_bits = 2048
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 encrypt_key = no
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 distinguished_name = req_distinguished_name
1945
0b5ec15c62ed Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1866
diff changeset
74 x509_extensions = myca_extensions
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 [ req_distinguished_name ]
1945
0b5ec15c62ed Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1866
diff changeset
76 [ myca_extensions ]
0b5ec15c62ed Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1866
diff changeset
77 basicConstraints = critical,CA:TRUE
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 $t->write_file('ca.conf', <<EOF);
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 [ ca ]
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 default_ca = myca
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 [ myca ]
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 new_certs_dir = $d
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 database = $d/certindex
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
87 default_md = sha256
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 policy = myca_policy
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 serial = $d/certserial
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 default_days = 1
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 x509_extensions = myca_extensions
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 [ myca_policy ]
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 commonName = supplied
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 [ myca_extensions ]
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 basicConstraints = critical,CA:TRUE
1815
173c9b792c2c Tests: fixed hostname verification in ssl_certificate_chain.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1488
diff changeset
98 subjectAltName = IP:127.0.0.1
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 foreach my $name ('root') {
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
103 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
104 . "-out $d/$name.crt -keyout $d/$name.key "
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 or die "Can't create certificate for $name: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 foreach my $name ('int', 'end') {
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 system("openssl req -new "
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
111 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
112 . "-out $d/$name.csr -keyout $d/$name.key "
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 or die "Can't create certificate for $name: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117 $t->write_file('certserial', '1000');
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 $t->write_file('certindex', '');
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
120 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
121 . "-keyfile $d/root.key -cert $d/root.crt "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
122 . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt "
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 or die "Can't sign certificate for int: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
126 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
127 . "-keyfile $d/int.key -cert $d/int.crt "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
128 . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt "
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 or die "Can't sign certificate for end: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 $t->write_file('end-int.crt',
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 $t->read_file('end.crt') . $t->read_file('int.crt'));
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135 $t->run();
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138
1866
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
139 ok(!get_ssl_socket(8080), 'incomplete chain');
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
140 ok(get_ssl_socket(8081), 'intermediate');
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
141 ok(get_ssl_socket(8082), 'intermediate server');
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
144
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
145 sub get_ssl_socket {
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146 my ($port) = @_;
1866
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
147 my ($verify);
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
148
1866
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
149 http(
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
150 '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
151 SSL => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
152 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
153 SSL_ca_file => "$d/root.crt",
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
154 SSL_verify_callback => sub {
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
155 my ($ok) = @_;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
156 $verify = $ok;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
157 return $ok;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
158 }
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
159 );
686
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
160
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
161 return $verify;
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
162 }
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
163
0af386a519d2 Tests: tests for http ssl module with certificate chain.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
164 ###############################################################################