Mercurial > hg > nginx-tests
annotate proxy_ssl_verify.t @ 540:481d705b8610
Tests: SSL support in mail backends.
Socket is now embedded into every mail module.
Socket methods are wrapped where appropriate.
The new "SSL" extra flag specifies to accept connection over SSL.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 03 Apr 2015 00:11:38 +0300 |
parents | 3c9aeeb09ac8 |
children | 907e89fba9c3 |
rev | line source |
---|---|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 # Tests for proxy to ssl backend, backend certificate verification. |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 ############################################################################### |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use warnings; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 use strict; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 use Test::More; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 use lib 'lib'; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 use Test::Nginx; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 ############################################################################### |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
24 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
26 ->has_daemon('openssl') |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 ->write_file_expand('nginx.conf', <<'EOF'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 %%TEST_GLOBALS%% |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 daemon off; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 events { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 http { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 %%TEST_GLOBALS_HTTP%% |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 server { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 listen 127.0.0.1:8080; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 server_name localhost; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 location /verify { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 proxy_pass https://127.0.0.1:8081/; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 proxy_ssl_name example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 proxy_ssl_verify on; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 proxy_ssl_trusted_certificate 1.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 location /wildcard { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 proxy_ssl_name foo.example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 proxy_ssl_verify on; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 proxy_ssl_trusted_certificate 1.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 location /fail { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 proxy_ssl_name no.match.example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 proxy_ssl_verify on; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 proxy_ssl_trusted_certificate 1.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 location /cn { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 proxy_pass https://127.0.0.1:8082/; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 proxy_ssl_name 2.example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 proxy_ssl_verify on; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 proxy_ssl_trusted_certificate 2.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 location /cn/fail { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 proxy_pass https://127.0.0.1:8082/; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 proxy_ssl_name bad.example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 proxy_ssl_verify on; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 proxy_ssl_trusted_certificate 2.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 location /untrusted { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
79 proxy_pass https://127.0.0.1:8082/; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 proxy_ssl_verify on; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 proxy_ssl_trusted_certificate 1.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 proxy_ssl_session_reuse off; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 server { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 listen 127.0.0.1:8081 ssl; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 server_name 1.example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 ssl_certificate 1.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 ssl_certificate_key 1.example.com.key; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 add_header X-Name $ssl_server_name; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 server { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 listen 127.0.0.1:8082 ssl; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 server_name 2.example.com; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 ssl_certificate 2.example.com.crt; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 ssl_certificate_key 2.example.com.key; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 add_header X-Name $ssl_server_name; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 EOF |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 $t->write_file('openssl.1.example.com.conf', <<EOF); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 [ req ] |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 prompt = no |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 default_bits = 1024 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
113 encrypt_key = no |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
114 distinguished_name = req_distinguished_name |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 x509_extensions = v3_req |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 [ req_distinguished_name ] |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 commonName=no.match.example.com |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 [ v3_req ] |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 subjectAltName = DNS:example.com,DNS:*.example.com |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 EOF |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
123 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
124 $t->write_file('openssl.2.example.com.conf', <<EOF); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 [ req ] |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 prompt = no |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 default_bits = 1024 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 encrypt_key = no |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 distinguished_name = req_distinguished_name |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 [ req_distinguished_name ] |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 commonName=2.example.com |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 EOF |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 my $d = $t->testdir(); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
136 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 foreach my $name ('1.example.com', '2.example.com') { |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 system('openssl req -x509 -new ' |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 . "-config '$d/openssl.$name.conf' " |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
140 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
141 . ">>$d/openssl.out 2>&1") == 0 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 or die "Can't create certificate for $name: $!\n"; |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 } |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 $t->write_file('index.html', ''); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 $t->try_run('no proxy_ssl_verify')->plan(6); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 ############################################################################### |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 # subjectAltName |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
153 like(http_get('/verify'), qr/200 OK/ms, 'verify'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
154 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 # commonName |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 like(http_get('/cn'), qr/200 OK/ms, 'verify cn'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
161 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
162 # untrusted |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
163 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
164 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted'); |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 |
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 ############################################################################### |