Mercurial > hg > nginx-tests
annotate stream_ssl_alpn.t @ 1969:3ba1668cea87
Tests: adjusted stream_ssl_alpn.t to handle old SSL libraries.
The "ssl_alpn" directive of the stream module requires an SSL library with
ALPN support, and startup fails if the directive is used in the configuration
but ALPN support is not available (notably, with OpenSSL before 1.0.2).
Restored try_run() to skip the test in this case.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:03:01 +0300 |
| parents | 2a0a6035a1af |
| children |
| rev | line source |
|---|---|
|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream ssl_alpn directive. |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
26 my $t = Test::Nginx->new() |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
27 ->has(qw/stream stream_ssl stream_return socket_ssl_alpn/) |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
28 ->has_daemon('openssl') |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
29 ->write_file_expand('nginx.conf', <<'EOF'); |
|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_STREAM%% |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 log_format test $status; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 access_log %%TESTDIR%%/test.log test; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 ssl_certificate_key localhost.key; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate localhost.crt; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 server { |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 listen 127.0.0.1:8080 ssl; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 return "X $ssl_alpn_protocol X"; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_alpn first second; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 } |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 EOF |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 $t->write_file('openssl.conf', <<EOF); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 [ req ] |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 default_bits = 2048 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 encrypt_key = no |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 distinguished_name = req_distinguished_name |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 [ req_distinguished_name ] |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 EOF |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 my $d = $t->testdir(); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 foreach my $name ('localhost') { |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 system('openssl req -x509 -new ' |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 . "-out $d/$name.crt -keyout $d/$name.key " |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 . ">>$d/openssl.out 2>&1") == 0 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 or die "Can't create certificate for $name: $!\n"; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
1969
3ba1668cea87
Tests: adjusted stream_ssl_alpn.t to handle old SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1937
diff
changeset
|
74 $t->try_run('no ssl_alpn')->plan(6); |
|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 ############################################################################### |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 is(get_ssl('first'), 'X first X', 'alpn match'); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 is(get_ssl('wrong', 'first'), 'X first X', 'alpn many'); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 is(get_ssl('wrong', 'second'), 'X second X', 'alpn second'); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 is(get_ssl(), 'X X', 'no alpn'); |
|
1743
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
82 |
|
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
83 SKIP: { |
|
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
84 skip 'LibreSSL too old', 2 |
|
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
85 if $t->has_module('LibreSSL') |
|
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
86 and not $t->has_feature('libressl:3.4.0'); |
|
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
87 skip 'OpenSSL too old', 2 |
|
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
88 if $t->has_module('OpenSSL') |
|
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
89 and not $t->has_feature('openssl:1.1.0'); |
|
1743
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
90 |
|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ok(!get_ssl('wrong'), 'alpn mismatch'); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->stop(); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 like($t->read_file('test.log'), qr/500$/, 'alpn mismatch - log'); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
|
1743
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
97 } |
|
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
98 |
|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 ############################################################################### |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 sub get_ssl { |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 my (@alpn) = @_; |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
1864
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
104 my $s = stream( |
|
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
105 PeerAddr => '127.0.0.1:' . port(8080), |
|
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
106 SSL => 1, |
|
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
107 SSL_alpn_protocols => [ @alpn ] |
|
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
108 ); |
|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 return $s->read(); |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 } |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
|
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 ############################################################################### |