nginx-tests: ssl_certificate

annotate ssl_certificate_chain.t @ 1248:70192b1baf01

Tests: added exception test to stream_js.t using 'require'. The stream js tests introduced in edf5a3c9e36a fail on njs 0.1.14. It doesn't currently provide an easy way to check its version, whilst we are obligated to gracefully handle such cases somehow. With such an addition of 'require', now the tests are skipped instead on the previous versions.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Tue, 21 Nov 2017 13:16:39 +0300
parents	0af58b78df35
children	8c764fd93b5e

rev	line source
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	1 #!/usr/bin/perl
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	2
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	3 # (C) Sergey Kandaurov
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	4 # (C) Nginx, Inc.
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	5
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	6 # Tests for http ssl module with certificate chain.
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	7
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	8 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	9
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	10 use warnings;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	11 use strict;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	12
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	13 use Test::More;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	14
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	15 BEGIN { use FindBin; chdir($FindBin::Bin); }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	16
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	17 use lib 'lib';
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	18 use Test::Nginx;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	19
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	20 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	21
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	22 select STDERR; $\| = 1;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	23 select STDOUT; $\| = 1;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	24
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	25 eval { require IO::Socket::SSL; };
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	26 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	28 plan(skip_all => 'IO::Socket::SSL too old') if $@;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	29
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	30 my $t = Test::Nginx->new()->has(qw/http http_ssl/)
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	31 ->has_daemon('openssl')->plan(3);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	32
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	33 $t->write_file_expand('nginx.conf', <<'EOF');
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	34
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	35 %%TEST_GLOBALS%%
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	36
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	37 daemon off;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	38
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	39 events {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	40 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	41
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	42 http {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	43 %%TEST_GLOBALS_HTTP%%
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	44
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	45 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	46 listen 127.0.0.1:8080 ssl;
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	47 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	48
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	49 ssl_certificate_key end.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	50 ssl_certificate end.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	51 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	52
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	53 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	54 listen 127.0.0.1:8081 ssl;
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	55 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	56
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	57 ssl_certificate_key int.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	58 ssl_certificate int.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	59 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	60
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	61 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	62 listen 127.0.0.1:8082 ssl;
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	63 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	64
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	65 ssl_certificate_key end.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	66 ssl_certificate end-int.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	67 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	68 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	69
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	70 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	71
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	72 my $d = $t->testdir();
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	73
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	74 $t->write_file('openssl.conf', <<EOF);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	75 [ req ]
1116 8ef51dbb5d69 Tests: reduced OpenSSL default key length to 1024. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	76 default_bits = 1024
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	77 encrypt_key = no
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	78 distinguished_name = req_distinguished_name
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	79 [ req_distinguished_name ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	80 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	81
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	82 $t->write_file('ca.conf', <<EOF);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	83 [ ca ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	84 default_ca = myca
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	85
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	86 [ myca ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	87 new_certs_dir = $d
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	88 database = $d/certindex
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	89 default_md = sha1
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	90 policy = myca_policy
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	91 serial = $d/certserial
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	92 default_days = 1
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	93 x509_extensions = myca_extensions
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	94
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	95 [ myca_policy ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	96 commonName = supplied
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	97
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	98 [ myca_extensions ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	99 basicConstraints = critical,CA:TRUE
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	100 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	101
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	102 foreach my $name ('root') {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	103 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	104 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	105 . "-out $d/$name.crt -keyout $d/$name.key "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	106 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	107 or die "Can't create certificate for $name: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	108 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	109
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	110 foreach my $name ('int', 'end') {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	111 system("openssl req -new "
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	112 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	113 . "-out $d/$name.csr -keyout $d/$name.key "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	114 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	115 or die "Can't create certificate for $name: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	116 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	117
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	118 $t->write_file('certserial', '1000');
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	119 $t->write_file('certindex', '');
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	120
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	121 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	122 . "-keyfile $d/root.key -cert $d/root.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	123 . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	124 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	125 or die "Can't sign certificate for int: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	126
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	127 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	128 . "-keyfile $d/int.key -cert $d/int.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	129 . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	130 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	131 or die "Can't sign certificate for end: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	132
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	133 $t->write_file('end-int.crt',
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	134 $t->read_file('end.crt') . $t->read_file('int.crt'));
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	135
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	136 $t->run();
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	137
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	138 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	139
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	140 is(get_ssl_socket(port(8080)), undef, 'incomplete chain');
882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	141 ok(get_ssl_socket(port(8081)), 'intermediate');
882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	142 ok(get_ssl_socket(port(8082)), 'intermediate server');
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	143
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	144 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	145
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	146 sub get_ssl_socket {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	147 my ($port) = @_;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	148 my ($s, $verify);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	149
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	150 eval {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	151 local $SIG{ALRM} = sub { die "timeout\n" };
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	152 local $SIG{PIPE} = sub { die "sigpipe\n" };
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	153 alarm(2);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	154 $s = IO::Socket::SSL->new(
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	155 Proto => 'tcp',
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	156 PeerAddr => '127.0.0.1',
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	157 PeerPort => $port,
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	158 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	159 SSL_ca_file => "$d/root.crt",
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	160 SSL_verify_callback => sub {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	161 my ($ok) = @_;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	162 $verify = $ok;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	163 return $ok;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	164 },
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	165 SSL_error_trap => sub { die $_[1] }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	166 );
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	167 alarm(0);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	168 };
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	169 alarm(0);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	170
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	171 if ($@) {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	172 log_in("died: $@");
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	173 return undef;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	174 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	175
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	176 return $verify;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	177 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	178
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	179 ###############################################################################

Mercurial > hg > nginx-tests

annotate ssl_certificate_chain.t @ 1248:70192b1baf01