Mercurial > hg > nginx-tests
annotate ssl_reject_handshake.t @ 1619:436d0ffc2ea3
Tests: correctly shutdown ssl for reproducible session reuse tests.
Previously, session reuse tests in stream_ssl_certificate.t were prone
to testing errors, since the client doesn't write any application data
before closing a connection, which is done so to pass tests on win32.
In this case, the server may happened to get an unexpected eof meaning
that it will abandon that session. This is specific to stream testing
pattern, changes to ssl_certificate.t are applied too for consistency.
This is also specific to SSL_R_UNEXPECTED_EOF_WHILE_READING, which is
implemented in OpenSSL 3.0.0.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 23 Nov 2020 22:46:06 +0000 |
| parents | d35db22947ab |
| children | 5ac6efbe5552 |
| rev | line source |
|---|---|
|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_reject_handshake. |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
|
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
27 eval { IO::Socket::SSL->can_client_sni() or die; }; |
|
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
|
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)->has_daemon('openssl'); |
|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Name $ssl_server_name; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8080 ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_reject_handshake on; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 listen 127.0.0.1:8081; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl on; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_reject_handshake on; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8080 ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 listen 127.0.0.1:8081 ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server_name virtual; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate localhost.crt; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_certificate_key localhost.key; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 listen 127.0.0.1:8082 ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server_name localhost; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_certificate localhost.crt; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_certificate_key localhost.key; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 listen 127.0.0.1:8082 ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server_name virtual1; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name virtual2; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_reject_handshake on; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 EOF |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->write_file('openssl.conf', <<EOF); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 [ req ] |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 default_bits = 2048 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 encrypt_key = no |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 distinguished_name = req_distinguished_name |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $d = $t->testdir(); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 foreach my $name ('localhost') { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 system('openssl req -x509 -new ' |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 . "-out $d/$name.crt -keyout $d/$name.key " |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 . ">>$d/openssl.out 2>&1") == 0 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 or die "Can't create certificate for $name: $!\n"; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('index.html', ''); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 $t->try_run('no ssl_reject_handshake')->plan(9); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 ############################################################################### |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 # default virtual server rejected |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 like(get('default', 8080), qr/unrecognized name/, 'default rejected'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 like(get(undef, 8080), qr/unrecognized name/, 'absent sni rejected'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 like(get('virtual', 8080), qr/virtual/, 'virtual accepted'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 # default virtual server rejected - ssl on |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like(get('default', 8081), qr/unrecognized name/, 'default rejected - ssl on'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like(get('virtual', 8081), qr/virtual/, 'virtual accepted - ssl on'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 # non-default server "virtual2" rejected |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like(get('default', 8082), qr/default/, 'default accepted'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like(get(undef, 8082), qr/200 OK(?!.*X-Name)/is, 'absent sni accepted'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 like(get('virtual1', 8082), qr/virtual1/, 'virtual 1 accepted'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 like(get('virtual2', 8082), qr/unrecognized name/, 'virtual 2 rejected'); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 ############################################################################### |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 sub get { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 my ($host, $port) = @_; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 my $s = get_ssl_socket($host, $port) or return $@; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 $host = 'localhost' if !defined $host; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 my $r = http(<<EOF, socket => $s); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 GET / HTTP/1.0 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 Host: $host |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 EOF |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 $s->close(); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 return $r; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 sub get_ssl_socket { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 my ($host, $port) = @_; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 my $s; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 eval { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 local $SIG{ALRM} = sub { die "timeout\n" }; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 alarm(8); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 $s = IO::Socket::SSL->new( |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 Proto => 'tcp', |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 PeerAddr => '127.0.0.1', |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 PeerPort => port($port), |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 SSL_hostname => $host, |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 SSL_error_trap => sub { die $_[1] }, |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 ); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 alarm(0); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 }; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 alarm(0); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 if ($@) { |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 log_in("died: $@"); |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 return undef; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 return $s; |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 } |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 |
|
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 ############################################################################### |