annotate ssl.t @ 540:481d705b8610

Tests: SSL support in mail backends. Socket is now embedded into every mail module. Socket methods are wrapped where appropriate. The new "SSL" extra flag specifies to accept connection over SSL.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 03 Apr 2015 00:11:38 +0300
parents 071e8941e3bf
children 97660514e518
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for http ssl module.

###############################################################################

use warnings;
use strict;

use Test::More;

# Run from the directory that holds this script so that the relative 'lib'
# path below resolves regardless of the caller's working directory.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Turn on autoflush for STDERR and STDOUT; STDOUT is left as the selected
# output handle.
select STDERR; $| = 1;
select STDOUT; $| = 1;

# Skip the whole test when IO::Socket::SSL cannot be loaded.
eval { require IO::Socket::SSL; };
plan(skip_all => 'IO::Socket::SSL not installed') if $@;
# Probe for the SSL_VERIFY_NONE constant that the client code in this file
# relies on; if the call dies, the installed module is treated as too old.
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
plan(skip_all => 'IO::Socket::SSL too old') if $@;
# Harness object for this test. has() and has_daemon() name what the test
# needs (http, http_ssl and rewrite on the nginx side, plus an openssl
# binary); presumably the test is skipped when one is missing -- confirm in
# Test::Nginx.
my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
    ->has_daemon('openssl');

# Four assertions are planned. The server listens on 127.0.0.1:8443 with ssl
# and on 127.0.0.1:8080 without; /reuse and /id echo $ssl_session_reused and
# $ssl_session_id in the response body. Session tickets are off and a shared
# session cache is configured, so resumption has to go through the
# server-side cache. The heredoc is single-quoted, so Perl leaves the nginx
# $variables untouched; the %%...%% placeholders are presumably filled in by
# write_file_expand().
$t->plan(4)->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    server {
        listen       127.0.0.1:8443 ssl;
        listen       127.0.0.1:8080;
        server_name  localhost;

        ssl_certificate_key localhost.key;
        ssl_certificate localhost.crt;
        ssl_session_cache shared:SSL:1m;
        ssl_session_tickets off;

        location /reuse {
            return 200 "body $ssl_session_reused";
        }
        location /id {
            return 200 "body $ssl_session_id";
        }
    }
}

EOF

# Minimal "openssl req" configuration: 2048-bit key, stored without
# passphrase encryption (encrypt_key = no). The req_distinguished_name
# section is empty because the subject is passed with -subj on the command
# line further down. The unencrypted key is written into the test directory
# only.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
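my $d = $t->testdir();

# Generate a throwaway self-signed certificate and private key for each
# server name, using the openssl.conf written above. The command goes through
# the shell because of the output redirection; every path is single-quoted,
# which assumes the test directory name contains no single quote
# (NOTE(review): testdir() is produced by the harness, not by external
# input -- confirm).
foreach my $name ('localhost') {
    my $status = system('openssl req -x509 -new '
        . "-config '$d/openssl.conf' -subj '/CN=$name/' "
        . "-out '$d/$name.crt' -keyout '$d/$name.key' "
        . ">>'$d/openssl.out' 2>&1");

    next if $status == 0;

    # $! is only meaningful when the command could not be started at all
    # (system() returned -1); otherwise report the wait status. Details of
    # an openssl failure are in openssl.out.
    my $why = $status == -1
        ? "cannot run command: $!"
        : "wait status $status";
    die "Can't create certificate for $name: $why\n";
}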
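# Client-side SSL context handed to every connection made by
# get_ssl_socket(), so that a session cached by one connection can be offered
# on the next. Certificate verification is disabled because the server uses
# the self-signed certificate generated by this script and is reached on
# 127.0.0.1 only; this setting belongs to the test client and says nothing
# about the nginx side.
# Direct method call instead of indirect object syntax ("new Class (...)"),
# which is ambiguous to the parser.
my $ctx = IO::Socket::SSL::SSL_Context->new(
    SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
    SSL_session_cache_size => 100);

# Start nginx with the configuration and certificate prepared above.
$t->run();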
###############################################################################

# Two consecutive TLS connections through the same client context. The first
# has to report "." in $ssl_session_reused and the second "r", so the order
# of these requests matters.
my $initial = http_get('/reuse', socket => get_ssl_socket($ctx));
like($initial, qr/^body \.$/m, 'initial session');

my $resumed = http_get('/reuse', socket => get_ssl_socket($ctx));
like($resumed, qr/^body r$/m, 'session reused');

# Over TLS, $ssl_session_id is expected to come back as 64 word characters.
my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m;
is(length $sid, 64, 'session id');

# Over the plain listener (no socket argument) nothing may follow "body ".
my $plain = http_get('/id');
unlike($plain, qr/body \w/, 'session id no ssl');

###############################################################################
# Open a TLS connection to the test server on 127.0.0.1:8443.
#
# $ctx is the shared client SSL context (passed as SSL_reuse_ctx).
# Returns the connected IO::Socket::SSL object, or undef when the attempt
# died (timeout, SIGPIPE or an SSL error); the failure is logged via log_in().
sub get_ssl_socket {
    my $ctx = shift;
    my $sock;

    eval {
        # Bound the handshake to two seconds and turn SIGPIPE into an
        # exception; both handlers are restored when the eval block exits.
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };
        alarm(2);
        $sock = IO::Socket::SSL->new(
            Proto => 'tcp',
            PeerAddr => '127.0.0.1:8443',
            # The server presents the self-signed certificate generated by
            # this script, so the peer is not verified by this test client.
            SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
            SSL_reuse_ctx => $ctx,
            # Raise SSL errors as exceptions so the eval catches them;
            # presumably $_[1] is the error text -- confirm against
            # IO::Socket::SSL.
            SSL_error_trap => sub { die $_[1] }
        );
        alarm(0);
    };
    # Cancel the timer as well when the eval was left through die.
    alarm(0);

    return $sock unless $@;

    log_in("died: $@");
    # Explicit undef rather than a bare return: callers write
    # "socket => get_ssl_socket($ctx)" in list context and need exactly one
    # value to keep the key/value pairs aligned.
    return undef;
}

###############################################################################