Mercurial > hg > nginx-tests
annotate proxy_ssl_conf_command.t @ 1728:6d5ecf445e57
Tests: added HTTP/2 test with big request body.
Notably, it is useful with body buffering in filters, in which case
the stream window is flow controlled based on the preread buffer.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Sat, 04 Sep 2021 14:50:02 +0300 |
| parents | 5386f4328b90 |
| children | 58951cf933e1 |
| rev | line source |
|---|---|
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
6 # Tests for proxy_ssl_conf_command and friends. |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy uwsgi http_v2 grpc/) |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl'); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
|
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1604
diff
changeset
|
28 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
|
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1604
diff
changeset
|
29 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; |
|
1696
4baeba0e0da2
Tests: skip ssl_conf_command tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
30 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
|
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1604
diff
changeset
|
31 |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 listen 127.0.0.1:8080; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server_name localhost; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
48 location / { |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
49 proxy_ssl_certificate localhost.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
50 proxy_ssl_certificate_key localhost.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
51 proxy_ssl_conf_command Certificate override.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
52 proxy_ssl_conf_command PrivateKey override.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
53 proxy_pass https://127.0.0.1:8081; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
54 } |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
56 location /uwsgi { |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
57 uwsgi_ssl_certificate localhost.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
58 uwsgi_ssl_certificate_key localhost.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
59 uwsgi_ssl_conf_command Certificate override.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
60 uwsgi_ssl_conf_command PrivateKey override.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
61 uwsgi_ssl_session_reuse off; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
62 uwsgi_pass suwsgi://127.0.0.1:8081; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
63 } |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
64 |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
65 location /grpc { |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
66 grpc_ssl_certificate localhost.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
67 grpc_ssl_certificate_key localhost.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
68 grpc_ssl_conf_command Certificate override.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
69 grpc_ssl_conf_command PrivateKey override.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
70 grpc_pass grpcs://127.0.0.1:8082; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 server { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 listen 127.0.0.1:8081 ssl; |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
76 listen 127.0.0.1:8082 ssl http2; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 server_name localhost; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_certificate localhost.crt; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_certificate_key localhost.key; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_verify_client optional_no_ca; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
83 # stub to implement SSL logic for tests |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
84 |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
85 add_header X-Cert $ssl_client_s_dn always; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 EOF |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 $t->write_file('openssl.conf', <<EOF); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 [ req ] |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 default_bits = 2048 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 encrypt_key = no |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 distinguished_name = req_distinguished_name |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 [ req_distinguished_name ] |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 EOF |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 my $d = $t->testdir(); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 foreach my $name ('localhost', 'override') { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 system('openssl req -x509 -new ' |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 . "-out $d/$name.crt -keyout $d/$name.key " |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . ">>$d/openssl.out 2>&1") == 0 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 or die "Can't create certificate for $name: $!\n"; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 $t->write_file('index.html', ''); |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
110 $t->run()->plan(3); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
114 like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command'); |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
115 like(http_get('/uwsgi'), qr/CN=override/, 'uwsgi_ssl_conf_command'); |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
116 like(http_get('/grpc'), qr/CN=override/, 'grpc_ssl_conf_command'); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 ############################################################################### |