Mercurial > hg > nginx-tests
annotate ssl.t @ 1828:835630547d35
Tests: dav tests with UTF-8.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 21 Mar 2023 14:20:54 +0400 |
parents | 84b6bb8d74e5 |
children | a78c32419f02 |
rev | line source |
---|---|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
4 # (C) Andrey Zelenkov |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for http ssl module. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
16 use Socket qw/ CRLF /; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
17 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDERR; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDOUT; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
28 eval { require IO::Socket::SSL; }; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
31 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/) |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
34 ->has_daemon('openssl')->plan(28); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
36 $t->write_file_expand('nginx.conf', <<'EOF'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 daemon off; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 events { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 http { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS_HTTP%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
48 ssl_certificate_key localhost.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
49 ssl_certificate localhost.crt; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
50 ssl_session_tickets off; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
51 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
52 log_format ssl $ssl_protocol; |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
53 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
55 listen 127.0.0.1:8085 ssl; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
56 listen 127.0.0.1:8080; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 server_name localhost; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
59 ssl_certificate_key inner.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
60 ssl_certificate inner.crt; |
503
071e8941e3bf
Tests: reduce shared memory zone sizes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
430
diff
changeset
|
61 ssl_session_cache shared:SSL:1m; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
62 ssl_verify_client optional_no_ca; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
64 keepalive_requests 1000; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
65 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
66 location / { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 return 200 "body $ssl_session_reused"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 location /id { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 return 200 "body $ssl_session_id"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
72 location /cipher { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
73 return 200 "body $ssl_cipher"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
74 } |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
75 location /ciphers { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
76 return 200 "body $ssl_ciphers"; |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
77 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
78 location /client_verify { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
79 return 200 "body $ssl_client_verify"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
80 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
81 location /protocol { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
82 return 200 "body $ssl_protocol"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
83 } |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
84 location /issuer { |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
85 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
86 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
87 location /subject { |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
88 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
89 } |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
90 location /time { |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
91 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
92 } |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
93 |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
94 location /body { |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
95 add_header X-Body $request_body always; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
96 proxy_pass http://127.0.0.1:8080/; |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
97 |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
98 access_log %%TESTDIR%%/ssl.log ssl; |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
99 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
100 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
101 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
102 server { |
1276 | 103 listen 127.0.0.1:8081; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
104 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
105 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
106 # Special case for enabled "ssl" directive. |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
107 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
108 ssl on; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
109 ssl_session_cache builtin; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
110 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
111 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
112 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
113 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
114 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
115 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
116 server { |
1276 | 117 listen 127.0.0.1:8082 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
118 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
119 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
120 ssl_session_cache builtin:1000; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
121 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
122 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
123 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
124 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
125 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
126 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
127 server { |
1276 | 128 listen 127.0.0.1:8083 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
129 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
130 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
131 ssl_session_cache none; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
132 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
133 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
134 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
135 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
136 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
137 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
138 server { |
1276 | 139 listen 127.0.0.1:8084 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
140 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
141 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
142 ssl_session_cache off; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
143 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
144 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
145 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
146 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 } |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
148 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
149 server { |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
150 listen 127.0.0.1:8086 ssl; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
151 server_name localhost; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
152 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
153 ssl_session_cache shared:SSL:1m; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
154 ssl_session_timeout 1; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
155 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
156 location / { |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
157 return 200 "body $ssl_session_reused"; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
158 } |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
159 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 $t->write_file('openssl.conf', <<EOF); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
166 default_bits = 2048 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 encrypt_key = no |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 distinguished_name = req_distinguished_name |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 [ req_distinguished_name ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 my $d = $t->testdir(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
174 $t->write_file('ca.conf', <<EOF); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
175 [ ca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
176 default_ca = myca |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
177 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
178 [ myca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
179 new_certs_dir = $d |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
180 database = $d/certindex |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
181 default_md = sha256 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
182 policy = myca_policy |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
183 serial = $d/certserial |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
184 default_days = 3 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
185 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
186 [ myca_policy ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
187 commonName = supplied |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
188 EOF |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
189 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
190 $t->write_file('certserial', '1000'); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
191 $t->write_file('certindex', ''); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
192 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
193 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
194 . "-config $d/openssl.conf -subj /CN=issuer/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
195 . "-out $d/issuer.crt -keyout $d/issuer.key " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
196 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
197 or die "Can't create certificate for issuer: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
198 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
199 system("openssl req -new " |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
200 . "-config $d/openssl.conf -subj /CN=subject/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
201 . "-out $d/subject.csr -keyout $d/subject.key " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
202 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
203 or die "Can't create certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
204 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
205 system("openssl ca -batch -config $d/ca.conf " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
206 . "-keyfile $d/issuer.key -cert $d/issuer.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
207 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
208 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
209 or die "Can't sign certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
210 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
211 foreach my $name ('localhost', 'inner') { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
212 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
213 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
214 . "-out $d/$name.crt -keyout $d/$name.key " |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 . ">>$d/openssl.out 2>&1") == 0 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 or die "Can't create certificate for $name: $!\n"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
217 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
218 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
219 # suppress deprecation warning |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
220 |
1324
918bf90466e0
Tests: hide startup warnings about deprecated ssl.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1276
diff
changeset
|
221 open OLDERR, ">&", \*STDERR; close STDERR; |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
222 $t->run(); |
1324
918bf90466e0
Tests: hide startup warnings about deprecated ssl.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1276
diff
changeset
|
223 open STDERR, ">&", \*OLDERR; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
226 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
227 my $ctx; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
228 |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
229 SKIP: { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
230 skip 'no TLS 1.3 sessions', 6 if get('/protocol', 8085) =~ /TLSv1.3/ |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
231 && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061); |
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
232 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
233 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
234 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
235 like(get('/', 8085, $ctx), qr/^body \.$/m, 'cache shared'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
236 like(get('/', 8085, $ctx), qr/^body r$/m, 'cache shared reused'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
237 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
238 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
239 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
240 like(get('/', 8081, $ctx), qr/^body \.$/m, 'cache builtin'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
241 like(get('/', 8081, $ctx), qr/^body r$/m, 'cache builtin reused'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
242 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
243 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
244 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
245 like(get('/', 8082, $ctx), qr/^body \.$/m, 'cache builtin size'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
246 like(get('/', 8082, $ctx), qr/^body r$/m, 'cache builtin size reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
247 |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
248 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
249 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
250 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
251 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
252 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
253 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none not reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
254 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
255 $ctx = get_ssl_context(); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
256 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
257 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
258 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off not reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
259 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
260 # ssl certificate inheritance |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
261 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
262 my $s = get_ssl_socket(8081); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
263 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
264 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
265 $s->close(); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
266 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
267 $s = get_ssl_socket(8085); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
268 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
269 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
270 $s->close(); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
271 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
272 # session timeout |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
273 |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
274 $ctx = get_ssl_context(); |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
275 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
276 get('/', 8086, $ctx); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
277 select undef, undef, undef, 2.1; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
278 |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
279 like(get('/', 8086, $ctx), qr/^body \.$/m, 'session timeout'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
280 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
281 # embedded variables |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
282 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
283 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
284 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
285 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
286 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
287 SKIP: { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
288 skip 'BoringSSL', 1 if $t->has_module('BoringSSL'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
289 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
290 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
291 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
292 } |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
293 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
294 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
295 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
296 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
297 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
298 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
299 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
300 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
301 |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
302 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/, |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
303 'request body chunked'); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
304 |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
305 # pipelined requests |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
306 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
307 $s = get_ssl_socket(8085); |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
308 my $req = <<EOF; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
309 GET / HTTP/1.1 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
310 Host: localhost |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
311 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
312 EOF |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
313 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
314 $req x= 1000; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
315 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
316 my $r = http($req, socket => $s) || ""; |
1820
84b6bb8d74e5
Tests: speedup lingering close with request pipelining.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1748
diff
changeset
|
317 $s = undef; |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
318 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests'); |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
319 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
320 # OpenSSL 3.0 error "unexpected eof while reading" seen as a critical error |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
321 |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
322 ok(get_ssl_socket(8085), 'ssl unexpected eof'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
323 |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
324 # close_notify is sent before lingering close |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
325 |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
326 is(get_ssl_shutdown(8085), 1, 'ssl shutdown on lingering close'); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
327 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
328 $t->stop(); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
329 |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
330 like($t->read_file('ssl.log'), qr/^(TLS|SSL)v(\d|\.)+$/m, |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
331 'log ssl variable on lingering close'); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
332 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
333 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
334 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
335 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
336 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
337 sub get { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
338 my ($uri, $port, $ctx) = @_; |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
339 my $s = get_ssl_socket($port, $ctx) or return; |
1132
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
340 my $r = http_get($uri, socket => $s); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
341 $s->close(); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
342 return $r; |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
343 } |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
344 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
345 sub get_body { |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
346 my ($uri, $body, $len, $n) = @_; |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
347 my $s = get_ssl_socket(8085) or return; |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
348 http("GET /body HTTP/1.1" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
349 . "Host: localhost" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
350 . "Connection: close" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
351 . "Transfer-Encoding: chunked" . CRLF . CRLF, |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
352 socket => $s, start => 1); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
353 my $chs = unpack("H*", pack("C", length($body) * $len)); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
354 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
355 for 1 .. $n; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
356 my $r = http("0" . CRLF . CRLF, socket => $s); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
357 $s->close(); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
358 return $r; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
359 } |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
360 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
361 sub cert { |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
362 my ($uri, $port) = @_; |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
363 my $s = get_ssl_socket($port, undef, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
364 SSL_cert_file => "$d/subject.crt", |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
365 SSL_key_file => "$d/subject.key") or return; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
366 http_get($uri, socket => $s); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
367 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
368 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
369 sub get_ssl_context { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
370 return IO::Socket::SSL::SSL_Context->new( |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
371 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
372 SSL_session_cache_size => 100 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
373 ); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
374 } |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
375 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
376 sub get_ssl_socket { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
377 my ($port, $ctx, %extra) = @_; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
378 my $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
379 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
380 eval { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
381 local $SIG{ALRM} = sub { die "timeout\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
382 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
383 alarm(8); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
384 $s = IO::Socket::SSL->new( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
385 Proto => 'tcp', |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
386 PeerAddr => '127.0.0.1', |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
387 PeerPort => port($port), |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
388 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
389 SSL_reuse_ctx => $ctx, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
390 SSL_error_trap => sub { die $_[1] }, |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
391 %extra |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
392 ); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
393 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
394 }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
395 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
396 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
397 if ($@) { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
398 log_in("died: $@"); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
399 return undef; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
400 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
401 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
402 return $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
403 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
404 |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
405 sub get_ssl_shutdown { |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
406 my ($port) = @_; |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
407 |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
408 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
409 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
410 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
411 Net::SSLeay::set_fd($ssl, fileno($s)); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
412 Net::SSLeay::connect($ssl) or die("ssl connect"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
413 Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra'); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
414 Net::SSLeay::read($ssl); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
415 Net::SSLeay::set_shutdown($ssl, 1); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
416 Net::SSLeay::shutdown($ssl); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
417 } |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
418 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
419 ############################################################################### |