Mercurial > hg > nginx-tests
annotate ssl_sni_reneg.t @ 1619:436d0ffc2ea3
Tests: correctly shutdown ssl for reproducible session reuse tests.
Previously, session reuse tests in stream_ssl_certificate.t were prone
to testing errors, since the client doesn't write any application data
before closing a connection, which is done so to pass tests on win32.
In this case, the server may happened to get an unexpected eof meaning
that it will abandon that session. This is specific to stream testing
pattern, changes to ssl_certificate.t are applied too for consistency.
This is also specific to SSL_R_UNEXPECTED_EOF_WHILE_READING, which is
implemented in OpenSSL 3.0.0.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 23 Nov 2020 22:46:06 +0000 |
parents | 144c6ce732e4 |
children | fd440d324700 |
rev | line source |
---|---|
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with SNI and renegotiation. |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 use Socket qw/ :DEFAULT CRLF /; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 require Net::SSLeay; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::load_error_strings(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 Net::SSLeay::randomize(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 plan(skip_all => 'Net::SSLeay not installed') if $@; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 my $ctx = Net::SSLeay::CTX_new() or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 my $ssl = Net::SSLeay::new($ctx) or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
1387
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
42 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 $t->write_file_expand('nginx.conf', <<'EOF'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS%% |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 daemon off; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 events { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 http { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 %%TEST_GLOBALS_HTTP%% |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_certificate_key localhost.key; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_certificate localhost.crt; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 listen 127.0.0.1:8080 ssl; |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
61 listen 127.0.0.1:8081 ssl; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 server_name localhost; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 location / { } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
66 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
67 server { |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
69 server_name localhost2; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
70 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
71 location / { } |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
72 } |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 EOF |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
79 default_bits = 2048 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $d = $t->testdir(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 foreach my $name ('localhost') { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1173
diff
changeset
|
89 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1173
diff
changeset
|
90 . "-out $d/$name.crt -keyout $d/$name.key " |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . ">>$d/openssl.out 2>&1") == 0 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or die "Can't create certificate for $name: $!\n"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $t->run(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
1387
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
97 { |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
98 my (undef, $ssl) = get_ssl_socket(8080); |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
99 plan(skip_all => "TLS 1.3 forbids renegotiation") |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
100 if Net::SSLeay::version($ssl) > 0x0303; |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
101 } |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
102 |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
103 $t->plan(8); |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
104 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
107 my ($s, $ssl) = get_ssl_socket(8080); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 ok($s, 'connection'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 SKIP: { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 skip 'connection failed', 3 unless $s; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
1173
1a54d45d5587
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
113 local $SIG{PIPE} = 'IGNORE'; |
1a54d45d5587
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
114 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
1377
09c2291b2bab
Tests: relaxed test for no response on SSL renegotiation attempt.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
122 ok(!Net::SSLeay::read($ssl), 'response'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
126 # virtual servers |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
127 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
128 ($s, $ssl) = get_ssl_socket(8081); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
129 ok($s, 'connection 2'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
130 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
131 SKIP: { |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
132 skip 'connection failed', 3 unless $s; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
133 |
1409
0bc5bd58d9de
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
134 local $SIG{PIPE} = 'IGNORE'; |
0bc5bd58d9de
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
135 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
136 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
137 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
138 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
139 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
140 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
141 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
142 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
143 ok(!Net::SSLeay::read($ssl), 'virtual servers'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
144 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
145 } |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
146 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 sub get_ssl_socket { |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
150 my ($port) = @_; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 my $s; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 my $dest_ip = inet_aton('127.0.0.1'); |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
154 my $dest_serv_params = sockaddr_in(port($port), $dest_ip); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 local $SIG{ALRM} = sub { die "timeout\n" }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1411
diff
changeset
|
159 alarm(8); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 connect($s, $dest_serv_params) or die "connect: $!"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 alarm(0); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 alarm(0); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 if ($@) { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 log_in("died: $@"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 return undef; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
1102
89d7d4d1be40
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
173 Net::SSLeay::set_fd($ssl, fileno($s)); |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
174 Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 Net::SSLeay::connect($ssl) or die("ssl connect"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 return ($s, $ssl); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 ############################################################################### |