annotate stream_ssl_verify_client.t @ 1111:6c2538ad642d

Tests: auth external in mail is explicitly enabled since 1.11.9.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 12 Jan 2017 19:23:14 +0300
parents b3d5a2f8a00b
children c5df4742ad40
1 #!/usr/bin/perl
3 # (C) Sergey Kandaurov
4 # (C) Andrey Zelenkov
5 # (C) Nginx, Inc.
7 # Tests for stream ssl module, ssl_verify_client.
9 ###############################################################################
11 use warnings;
12 use strict;
14 use Test::More;
16 use Socket;
18 BEGIN { use FindBin; chdir($FindBin::Bin); }
20 use lib 'lib';
21 use Test::Nginx;
22 use Test::Nginx::Stream qw/ stream /;
24 ###############################################################################
# Turn on autoflush for both standard streams so test output is not held
# back in buffers.  STDOUT is processed last and stays the selected handle.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}

# The TLS client side of this test is driven through Net::SSLeay.  The module
# is loaded and initialised inside eval so that a failure here skips the
# whole file instead of aborting it.  Any exception raised in the block, not
# only a failed require, ends in the same skip message.
eval {
    require Net::SSLeay;
    Net::SSLeay::load_error_strings();
    Net::SSLeay::SSLeay_add_ssl_algorithms();
    Net::SSLeay::randomize();
};
if ($@) {
    plan(skip_all => 'Net::SSLeay not installed');
}
# Features the nginx binary under test must provide, plus the external
# openssl binary used later to generate certificates.
# NOTE(review): has()/has_daemon() live in Test::Nginx (not shown here);
# presumably they skip the test when a requirement is missing -- confirm.
my @needed_features = qw/stream stream_ssl stream_return/;
my $t = Test::Nginx->new()->has(@needed_features)->has_daemon('openssl');

# Two TLS listeners inherit "ssl_verify_client optional_no_ca" from the
# stream level.  That mode requests a client certificate but does not require
# it to be signed by a trusted CA, so the handshake completes either way and
# the verification verdict is only visible in $ssl_client_verify, which each
# server sends back to the client via "return".
#   8080: names client.crt in ssl_client_certificate.
#   8081: has no ssl_client_certificate at all.
# The heredoc is single-quoted, so $ssl_client_verify reaches nginx verbatim.
# NOTE(review): %%TEST_GLOBALS%% is presumably substituted by
# write_file_expand() -- defined in Test::Nginx, confirm there.
my $nginx_conf = <<'EOF';

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
    ssl_certificate_key localhost.key;
    ssl_certificate localhost.crt;

    ssl_verify_client optional_no_ca;

    server {
        listen 127.0.0.1:8080 ssl;
        return $ssl_client_verify;

        ssl_client_certificate client.crt;
    }

    server {
        listen 127.0.0.1:8081 ssl;
        return $ssl_client_verify;
    }
}

EOF
$t->write_file_expand('nginx.conf', $nginx_conf);
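my $d = $t->testdir();

# Minimal "openssl req" configuration: 2048-bit keys written without a
# passphrase (encrypt_key = no).  The subject is supplied with -subj on the
# command line, so the distinguished-name section is left empty.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Generate one self-signed certificate ("req -x509 -new") and key per name:
# localhost.* is the server identity, client.* is presented by the test
# client and also serves as the trusted client CA on the 8080 listener.
#
# The command is a single string handed to the shell (the >> redirection
# needs one), with $d and $name interpolated into it, so it relies on
# testdir() returning a path free of shell metacharacters.
foreach my $name ('localhost', 'client') {
    my $status = system('openssl req -x509 -new '
        . "-config '$d/openssl.conf' -subj '/CN=$name/' "
        . "-out '$d/$name.crt' -keyout '$d/$name.key' "
        . ">>$d/openssl.out 2>&1");
    next if $status == 0;

    # $! is only meaningful when the command could not be started at all
    # (system() returned -1); for a command that ran and failed, report the
    # wait status instead of a stale errno string.
    my $reason = $status == -1 ? "$!" : "wait status $status";
    die "Can't create certificate for $name: $reason\n";
}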
# One client-side SSL_CTX shared by every connection made below.  It carries
# client.crt/client.key so the client can present a certificate during the
# handshake.  No verify mode or CA is configured on this context in the code
# shown, so the client does not validate the server's self-signed
# certificate; that is acceptable for a loopback test only.
my $ctx = Net::SSLeay::CTX_new();
die("Failed to create SSL_CTX $!") unless $ctx;

my ($client_cert, $client_key) = ("$d/client.crt", "$d/client.key");
Net::SSLeay::set_cert_and_key($ctx, $client_cert, $client_key) or die;

# Start nginx and declare two assertions.
# NOTE(review): try_run() is defined in Test::Nginx (not shown); presumably
# it skips with the given message when nginx rejects the configuration.
$t->try_run('no ssl_verify_client')->plan(2);
93 ###############################################################################
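# 8080 lists client.crt in ssl_client_certificate, so the self-signed client
# certificate presented by the test client is expected to verify and nginx
# returns "SUCCESS" as the value of $ssl_client_verify.
#
# scalar() pins Net::SSLeay::read() to scalar context, where it returns only
# the data read.  In list context it can additionally return the SSL_read()
# result code, which would shift the arguments of is()/like().
my ($s, $ssl) = get_ssl_socket(port(8080));
is(scalar(Net::SSLeay::read($ssl)), 'SUCCESS', 'success');

# 8081 configures no trusted client CA.  With optional_no_ca the handshake
# still completes, so the rejection is observable only through the returned
# $ssl_client_verify value, which must contain "FAILED".  Anything acting on
# a client identity under this mode has to check that variable itself.
($s, $ssl) = get_ssl_socket(port(8081));
like(scalar(Net::SSLeay::read($ssl)), qr/FAILED/, 'failed');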
101 ###############################################################################
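# Opens a TCP connection to 127.0.0.1:$port and completes a TLS handshake
# over it using the file-level $ctx, which carries the client certificate.
#
# Returns ($s, $ssl): the Perl socket and the Net::SSLeay SSL handle.  The
# caller must keep $s alive while using $ssl, because $ssl is bound only to
# the socket's file descriptor number.
# Dies on socket, connect, SSL object creation or handshake failure.
sub get_ssl_socket {
    my ($port) = @_;

    my $dest_ip = inet_aton('127.0.0.1');
    my $dest_serv_params = sockaddr_in($port, $dest_ip);

    socket(my $s, AF_INET, SOCK_STREAM, 0) or die "socket: $!";
    connect($s, $dest_serv_params) or die "connect: $!";

    my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
    Net::SSLeay::set_fd($ssl, fileno($s));

    # SSL_connect() reports success only as 1.  Zero and negative values are
    # both failures, and a negative value is true in Perl, so a bare
    # "or die" would let a fatal handshake error pass unnoticed.
    Net::SSLeay::connect($ssl) == 1 or die("ssl connect");

    return ($s, $ssl);
}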
118 ###############################################################################