Mercurial > hg > nginx-tests

annotate stream_proxy_ssl.t @ 1619:436d0ffc2ea3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: correctly shutdown ssl for reproducible session reuse tests. Previously, session reuse tests in stream_ssl_certificate.t were prone to testing errors, since the client doesn't write any application data before closing a connection, which is done so to pass tests on win32. In this case, the server may happened to get an unexpected eof meaning that it will abandon that session. This is specific to stream testing pattern, changes to ssl_certificate.t are applied too for consistency. This is also specific to SSL_R_UNEXPECTED_EOF_WHILE_READING, which is implemented in OpenSSL 3.0.0.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 23 Nov 2020 22:46:06 +0000
parents f3ba4c74de31
children 6705a3760f48
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Stream tests for proxy to ssl backend.
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 use lib 'lib';
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use Test::Nginx;
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
19 use Test::Nginx::Stream qw/ stream /;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDERR; $| = 1;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDOUT; $| = 1;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/)
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
27 ->has(qw/stream_return/)
1197
155573499f20 Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1195
diff changeset
28 ->has_daemon('openssl')->plan(6);
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 $t->write_file_expand('nginx.conf', <<'EOF');
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32 %%TEST_GLOBALS%%
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 daemon off;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 events {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 stream {
1609
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
40 %%TEST_GLOBALS_STREAM%%
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
41
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 proxy_ssl on;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 proxy_ssl_session_reuse on;
795
122cd3a82367 Tests: fixed 'proxy connect timeout' test timeouts on slow hosts.
Sergey Kandaurov <pluknet@nginx.com>
parents: 733
diff changeset
44 proxy_connect_timeout 2s;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 server {
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
47 listen 127.0.0.1:8081;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
48 proxy_pass 127.0.0.1:8083;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 proxy_ssl_session_reuse off;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 server {
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
53 listen 127.0.0.1:8082;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
54 proxy_pass 127.0.0.1:8083;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
55 }
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
56
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
57 server {
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
58 listen 127.0.0.1:8083 ssl;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
59 return $ssl_session_reused;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
60
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
61 ssl_certificate_key localhost.key;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
62 ssl_certificate localhost.crt;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
63 ssl_session_cache builtin;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
64 }
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
65
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
66 server {
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
67 listen 127.0.0.1:8080;
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
68 proxy_pass 127.0.0.1:8084;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 http {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 %%TEST_GLOBALS_HTTP%%
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 server {
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
76 listen 127.0.0.1:8084 ssl;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 server_name localhost;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 ssl_certificate_key localhost.key;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 ssl_certificate localhost.crt;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 EOF
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 $t->write_file('openssl.conf', <<EOF);
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
88 default_bits = 2048
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 encrypt_key = no
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 distinguished_name = req_distinguished_name
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 [ req_distinguished_name ]
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 EOF
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 $t->write_file('index.html', '');
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 my $d = $t->testdir();
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 foreach my $name ('localhost') {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1197
diff changeset
100 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1197
diff changeset
101 . "-out $d/$name.crt -keyout $d/$name.key "
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 . ">>$d/openssl.out 2>&1") == 0
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 or die "Can't create certificate for $name: $!\n";
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 $t->run();
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
110 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl');
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
111 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl 2');
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112
1195
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
113 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'ssl session new');
af7feabed82a Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
114 is(stream('127.0.0.1:' . port(8082))->read(), 'r', 'ssl session reused');
1197
155573499f20 Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1195
diff changeset
115 is(stream('127.0.0.1:' . port(8082))->read(), 'r', 'ssl session reused 2');
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116
732
984bfe661cce Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 559
diff changeset
117 my $s = http('', start => 1);
984bfe661cce Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 559
diff changeset
118
795
122cd3a82367 Tests: fixed 'proxy connect timeout' test timeouts on slow hosts.
Sergey Kandaurov <pluknet@nginx.com>
parents: 733
diff changeset
119 sleep 3;
732
984bfe661cce Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 559
diff changeset
120
733
3b25ee897439 Tests: removed stream_proxy_ssl.t TODO, fix committed.
Sergey Kandaurov <pluknet@nginx.com>
parents: 732
diff changeset
121 like(http_get('/', socket => $s), qr/200 OK/, 'proxy connect timeout');
732
984bfe661cce Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 559
diff changeset
122
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 ###############################################################################