Mercurial > hg > nginx-tests
annotate ssl_certificates.t @ 1542:451e787aad76
Tests: reworked libgd version detection.
The "libgd-config" binary is deprecated in recent versions and may not exist
or have unexpected output. More, it may not present within older versions,
as well, if installed separately, which previously broke test assumptions.
The fix is change the fallback to skip tests. In addition, recent Perl GD
module (2.57) started to export libgd version, which is now also consulted.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 13 Jan 2020 18:15:35 +0300 |
parents | dbce8fb5f5f8 |
children | 0e1865aa9b33 |
rev | line source |
---|---|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with multiple certificates. |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
25 eval { |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
26 require Net::SSLeay; |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
27 Net::SSLeay::load_error_strings(); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
28 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
29 Net::SSLeay::randomize(); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
30 Net::SSLeay::SSLeay(); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
31 }; |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
32 plan(skip_all => 'Net::SSLeay not installed or too old') if $@; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl'); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
1400
94bcad5611af
Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1397
diff
changeset
|
36 plan(skip_all => 'no multiple certificates') if $t->has_module('BoringSSL'); |
94bcad5611af
Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1397
diff
changeset
|
37 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 $t->write_file_expand('nginx.conf', <<'EOF'); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 %%TEST_GLOBALS%% |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 daemon off; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 events { |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 http { |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 %%TEST_GLOBALS_HTTP%% |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_certificate_key rsa.key; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 ssl_certificate rsa.crt; |
1224
2ec9ce1bc820
Tests: fixed ssl_certificates.t for nginx built with OpenSSL 0.9.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
52 ssl_ciphers DEFAULT:ECCdraft; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
55 listen 127.0.0.1:8080 ssl; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 server_name localhost; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
58 ssl_certificate_key ec.key; |
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
59 ssl_certificate ec.crt; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_certificate_key rsa.key; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_certificate rsa.crt; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 ssl_certificate_key rsa.key; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_certificate rsa.crt; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 EOF |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 $t->write_file('openssl.conf', <<EOF); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
73 default_bits = 2048 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 encrypt_key = no |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 distinguished_name = req_distinguished_name |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 [ req_distinguished_name ] |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 EOF |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 my $d = $t->testdir(); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
81 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
82 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
83 system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 or die "Can't create RSA pem: $!\n"; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
86 foreach my $name ('ec', 'rsa') { |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
87 system("openssl req -x509 -new -key $d/$name.key " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
88 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
89 . "-out $d/$name.crt -keyout $d/$name.key " |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 . ">>$d/openssl.out 2>&1") == 0 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 or die "Can't create certificate for $name: $!\n"; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
94 $t->run()->plan(2); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
99 like(get_cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA'); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
103 sub get_version { |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
104 my ($s, $ssl) = get_ssl_socket(); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
105 return Net::SSLeay::version($ssl); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
106 } |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
107 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 sub get_cert { |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
109 my ($type) = @_; |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
110 $type = 'PSS' if $type eq 'RSA' && get_version() > 0x0303; |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
111 my ($s, $ssl) = get_ssl_socket($type); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
112 my $cipher = Net::SSLeay::get_cipher($ssl); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
113 Test::Nginx::log_core('||', "cipher: $cipher"); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
114 return Net::SSLeay::dump_peer_certificate($ssl); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
115 } |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
116 |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
117 sub get_ssl_socket { |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
118 my ($type) = @_; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $s; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 eval { |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 local $SIG{ALRM} = sub { die "timeout\n" }; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
124 alarm(8); |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
125 $s = IO::Socket::INET->new('127.0.0.1:' . port(8080)); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 alarm(0); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 }; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 alarm(0); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 if ($@) { |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 log_in("died: $@"); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 return undef; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
135 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
137 if (defined $type) { |
1397
d3d2aabe16dd
Tests: LibreSSL client detection in multiple certificate tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1388
diff
changeset
|
138 my $ssleay = Net::SSLeay::SSLeay(); |
d3d2aabe16dd
Tests: LibreSSL client detection in multiple certificate tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1388
diff
changeset
|
139 if ($ssleay < 0x1000200f || $ssleay == 0x20000000) { |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
140 Net::SSLeay::CTX_set_cipher_list($ctx, $type) |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
141 or die("Failed to set cipher list"); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
142 } else { |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
143 # SSL_CTRL_SET_SIGALGS_LIST |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
144 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $type . '+SHA256') |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
145 or die("Failed to set sigalgs"); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
146 } |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
147 } |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
149 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
150 Net::SSLeay::set_fd($ssl, fileno($s)); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
151 Net::SSLeay::connect($ssl) or die("ssl connect"); |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
152 return ($s, $ssl); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 ############################################################################### |