Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_verify.t @ 1477:8b122b35703b
Tests: fixed session reuse tests in ssl_certificate.t with TLSv1.3.
Previously, session data was retrieved too early, before server passed
application data, which usually means NewSessionTicket is not yet sent.
The fix is to ask server for application data, then retrieve a session.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 20 May 2019 16:00:40 +0300 |
| parents | 6f53ec0cf591 |
| children | dbce8fb5f5f8 |
| rev | line source |
|---|---|
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for proxy to ssl backend, backend certificate verification. |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
|
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
27 ->has_daemon('openssl')->plan(6); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 proxy_ssl on; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl_verify on; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
43 listen 127.0.0.1:8080; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 proxy_pass 127.0.0.1:8086; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 proxy_ssl_name example.com; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 listen 127.0.0.1:8081; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
52 proxy_pass 127.0.0.1:8086; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 proxy_ssl_name foo.example.com; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
59 listen 127.0.0.1:8082; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass 127.0.0.1:8086; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 proxy_ssl_name no.match.example.com; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
67 listen 127.0.0.1:8083; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
68 proxy_pass 127.0.0.1:8087; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 proxy_ssl_name 2.example.com; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 proxy_ssl_trusted_certificate 2.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
75 listen 127.0.0.1:8084; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
76 proxy_pass 127.0.0.1:8087; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 proxy_ssl_name bad.example.com; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 proxy_ssl_trusted_certificate 2.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
83 listen 127.0.0.1:8085; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 proxy_pass 127.0.0.1:8087; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 proxy_ssl_session_reuse off; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
91 listen 127.0.0.1:8086 ssl; |
|
610
936deb3c4727
Tests: combined multiple stream blocks being invalid since 1.9.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
598
diff
changeset
|
92 proxy_ssl off; |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
93 return OK; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 ssl_certificate 1.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ssl_certificate_key 1.example.com.key; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
100 listen 127.0.0.1:8087 ssl; |
|
610
936deb3c4727
Tests: combined multiple stream blocks being invalid since 1.9.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
598
diff
changeset
|
101 proxy_ssl off; |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
102 return OK; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ssl_certificate 2.example.com.crt; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ssl_certificate_key 2.example.com.key; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 EOF |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('openssl.1.example.com.conf', <<EOF); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req ] |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 prompt = no |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 default_bits = 1024 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 encrypt_key = no |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 distinguished_name = req_distinguished_name |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 x509_extensions = v3_req |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 [ req_distinguished_name ] |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 commonName=no.match.example.com |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 [ v3_req ] |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 subjectAltName = DNS:example.com,DNS:*.example.com |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 EOF |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 $t->write_file('openssl.2.example.com.conf', <<EOF); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 [ req ] |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 prompt = no |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 default_bits = 1024 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 encrypt_key = no |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 distinguished_name = req_distinguished_name |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 [ req_distinguished_name ] |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 commonName=2.example.com |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 EOF |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 my $d = $t->testdir(); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 foreach my $name ('1.example.com', '2.example.com') { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
141 . "-config $d/openssl.$name.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
142 . "-out $d/$name.crt -keyout $d/$name.key " |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 . ">>$d/openssl.out 2>&1") == 0 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 or die "Can't create certificate for $name: $!\n"; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
|
1260
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
147 sleep 1 if $^O eq 'MSWin32'; |
|
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
148 |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 $t->run(); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 # subjectAltName |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
155 is(get(8080), 'OK', 'verify'); |
|
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
156 is(get(8081), 'OK', 'verify wildcard'); |
|
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
157 isnt(get(8082), 'OK', 'verify fail'); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 # commonName |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
161 is(get(8083), 'OK', 'verify cn'); |
|
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
162 isnt(get(8084), 'OK', 'verify cn fail'); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 # untrusted |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
166 isnt(get(8085), 'OK', 'untrusted'); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
|
892
0c64f87aa689
Tests: guard stream_proxy_ssl_verify.t tests against undef.
Sergey Kandaurov <pluknet@nginx.com>
parents:
891
diff
changeset
|
170 sub get { |
|
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
171 stream('127.0.0.1:' . port(shift))->read(); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 ############################################################################### |