Mercurial > hg > nginx-tests

annotate ssl_certificates.t @ 1542:451e787aad76

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: reworked libgd version detection. The "libgd-config" binary is deprecated in recent versions and may not exist or have unexpected output. More, it may not present within older versions, as well, if installed separately, which previously broke test assumptions. The fix is change the fallback to skip tests. In addition, recent Perl GD module (2.57) started to export libgd version, which is now also consulted.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 13 Jan 2020 18:15:35 +0300
parents dbce8fb5f5f8
children 0e1865aa9b33
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for http ssl module with multiple certificates.
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 use lib 'lib';
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use Test::Nginx;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 ###############################################################################
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 select STDERR; $| = 1;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDOUT; $| = 1;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
25 eval {
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
26 require Net::SSLeay;
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
27 Net::SSLeay::load_error_strings();
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
28 Net::SSLeay::SSLeay_add_ssl_algorithms();
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
29 Net::SSLeay::randomize();
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
30 Net::SSLeay::SSLeay();
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
31 };
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
32 plan(skip_all => 'Net::SSLeay not installed or too old') if $@;
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl');
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35
1400
94bcad5611af Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1397
diff changeset
36 plan(skip_all => 'no multiple certificates') if $t->has_module('BoringSSL');
94bcad5611af Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1397
diff changeset
37
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 $t->write_file_expand('nginx.conf', <<'EOF');
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 %%TEST_GLOBALS%%
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 daemon off;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 events {
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 http {
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 %%TEST_GLOBALS_HTTP%%
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 ssl_certificate_key rsa.key;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 ssl_certificate rsa.crt;
1224
2ec9ce1bc820 Tests: fixed ssl_certificates.t for nginx built with OpenSSL 0.9.8.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
52 ssl_ciphers DEFAULT:ECCdraft;
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
55 listen 127.0.0.1:8080 ssl;
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 server_name localhost;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
1216
de7d3e249b35 Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
58 ssl_certificate_key ec.key;
de7d3e249b35 Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
59 ssl_certificate ec.crt;
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 ssl_certificate_key rsa.key;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 ssl_certificate rsa.crt;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64 ssl_certificate_key rsa.key;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 ssl_certificate rsa.crt;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 EOF
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 $t->write_file('openssl.conf', <<EOF);
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
73 default_bits = 2048
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 encrypt_key = no
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 distinguished_name = req_distinguished_name
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 [ req_distinguished_name ]
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 EOF
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 my $d = $t->testdir();
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1216
diff changeset
81 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 "
1216
de7d3e249b35 Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
82 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n";
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
83 system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 or die "Can't create RSA pem: $!\n";
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85
1216
de7d3e249b35 Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
86 foreach my $name ('ec', 'rsa') {
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1216
diff changeset
87 system("openssl req -x509 -new -key $d/$name.key "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1216
diff changeset
88 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1216
diff changeset
89 . "-out $d/$name.crt -keyout $d/$name.key "
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 . ">>$d/openssl.out 2>&1") == 0
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 or die "Can't create certificate for $name: $!\n";
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93
1216
de7d3e249b35 Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
94 $t->run()->plan(2);
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 ###############################################################################
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA');
1216
de7d3e249b35 Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
99 like(get_cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA');
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 ###############################################################################
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
103 sub get_version {
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
104 my ($s, $ssl) = get_ssl_socket();
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
105 return Net::SSLeay::version($ssl);
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
106 }
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
107
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 sub get_cert {
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
109 my ($type) = @_;
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
110 $type = 'PSS' if $type eq 'RSA' && get_version() > 0x0303;
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
111 my ($s, $ssl) = get_ssl_socket($type);
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
112 my $cipher = Net::SSLeay::get_cipher($ssl);
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
113 Test::Nginx::log_core('||', "cipher: $cipher");
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
114 return Net::SSLeay::dump_peer_certificate($ssl);
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
115 }
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
116
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
117 sub get_ssl_socket {
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
118 my ($type) = @_;
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 my $s;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 eval {
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 local $SIG{ALRM} = sub { die "timeout\n" };
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 local $SIG{PIPE} = sub { die "sigpipe\n" };
1421
4e48bf51714f Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents: 1407
diff changeset
124 alarm(8);
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
125 $s = IO::Socket::INET->new('127.0.0.1:' . port(8080));
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 alarm(0);
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 };
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 alarm(0);
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 if ($@) {
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131 log_in("died: $@");
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 return undef;
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
135 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
137 if (defined $type) {
1397
d3d2aabe16dd Tests: LibreSSL client detection in multiple certificate tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1388
diff changeset
138 my $ssleay = Net::SSLeay::SSLeay();
d3d2aabe16dd Tests: LibreSSL client detection in multiple certificate tests.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1388
diff changeset
139 if ($ssleay < 0x1000200f || $ssleay == 0x20000000) {
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
140 Net::SSLeay::CTX_set_cipher_list($ctx, $type)
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
141 or die("Failed to set cipher list");
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
142 } else {
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
143 # SSL_CTRL_SET_SIGALGS_LIST
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
144 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $type . '+SHA256')
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
145 or die("Failed to set sigalgs");
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
146 }
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
147 }
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
148
1388
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
149 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
150 Net::SSLeay::set_fd($ssl, fileno($s));
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
151 Net::SSLeay::connect($ssl) or die("ssl connect");
0090e2476ef0 Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1224
diff changeset
152 return ($s, $ssl);
930
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
153 }
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
154
183a6b1f3fa5 Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155 ###############################################################################