annotate stream_ssl_certificate.t @ 1477:8b122b35703b

Tests: fixed session reuse tests in ssl_certificate.t with TLSv1.3. Previously, session data was retrieved too early, before server passed application data, which usually means NewSessionTicket is not yet sent. The fix is to ask server for application data, then retrieve a session.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 20 May 2019 16:00:40 +0300
parents 889283abadf8
children dbce8fb5f5f8
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for stream ssl module with dynamic certificates.

###############################################################################

use warnings;
use strict;

use Test::More;

use Socket qw/ :DEFAULT CRLF /;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Turn on autoflush for both standard streams; STDOUT is processed last so it
# remains the currently selected output handle.
foreach my $stream (\*STDERR, \*STDOUT) {
	select $stream;
	$| = 1;
}

# Net::SSLeay is the TLS client used by the helpers below.  If it cannot be
# loaded or initialised, the whole file is skipped instead of failing.
eval {
	require Net::SSLeay;
	Net::SSLeay::load_error_strings();
	Net::SSLeay::SSLeay_add_ssl_algorithms();
	Net::SSLeay::randomize();
};
if ($@) {
	plan(skip_all => 'Net::SSLeay not installed');
}

# Probe for SNI support by setting a server name on a scratch SSL object;
# every test below sends a server name, so the file is skipped without it.
eval {
	my $probe_ctx = Net::SSLeay::CTX_new() or die;
	my $probe_ssl = Net::SSLeay::new($probe_ctx) or die;
	Net::SSLeay::set_tlsext_host_name($probe_ssl, 'example.org') == 1
		or die;
};
if ($@) {
	plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required');
}

# Require the stream modules used by the configuration and an openssl binary
# for generating the test certificates.
my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_geo stream_return/)
	->has_daemon('openssl');

# Gate on the OpenSSL version found in the nginx configure arguments.
# NOTE(review): this is a string comparison ("ge"/"lt"), not a numeric
# version comparison, so it only orders versions correctly while each
# component stays a single digit -- confirm before relying on it for
# other version schemes.
$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
if (!defined $1 || $1 lt '1.0.2') {
	plan(skip_all => 'OpenSSL too old');
}
# Write the nginx configuration under test.  Five stream servers terminate
# TLS and reply with "$ssl_server_name:$ssl_session_reused":
#   8080, 8081 - certificate and key paths built from $one (geo default "one")
#   8082       - certificate and key paths built from $two (geo default "two")
#   8083       - literal certificate path, key path built from $pass; the key
#                is passphrase protected and unlocked via ssl_password_file
#   8084       - certificate and key paths built from $ssl_server_name
# Sessions are kept in a shared server-side cache and session tickets are
# turned off, so the reuse tests exercise the cache.
# The 8084 server selects files by the name the client sends in SNI.  Where
# this pattern is used outside a test, the client chooses which file names
# are looked up, so the certificate directory should hold only files that
# are meant to be selectable this way.
# The heredoc is single-quoted so that the $variables reach nginx verbatim.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
geo $one {
default one;
}

geo $two {
default two;
}

geo $pass {
default pass;
}

ssl_session_cache shared:SSL:1m;
ssl_session_tickets off;

server {
listen 127.0.0.1:8080 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $one.crt;
ssl_certificate_key $one.key;
}

server {
listen 127.0.0.1:8083 ssl;
return $ssl_server_name:$ssl_session_reused;

# found in key
ssl_certificate pass.crt;
ssl_certificate_key $pass.key;
ssl_password_file password_file;
}

server {
listen 127.0.0.1:8081 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $one.crt;
ssl_certificate_key $one.key;
}

server {
listen 127.0.0.1:8082 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $two.crt;
ssl_certificate_key $two.key;
}

server {
listen 127.0.0.1:8084 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $ssl_server_name.crt;
ssl_certificate_key $ssl_server_name.key;
}
}

EOF
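# Minimal OpenSSL request configuration for the throwaway test certificates.
# Keys are 2048-bit: 1024-bit RSA is below current minimum key sizes and is
# refused ("key too small") by OpenSSL builds or system policies that enforce
# security level 2 or higher, which would make the servers fail to load them.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

# Self-signed certificates with unencrypted keys (encrypt_key = no) for the
# servers that use $one and $two.
# The command is a single string because of the shell redirection, so it is
# run through the shell; $d is interpolated as is and is assumed to be a
# test directory path without shell metacharacters -- TODO confirm against
# Test::Nginx::testdir().
# system() returns the wait status; $! in the messages below is only
# meaningful when the command could not be started at all.
foreach my $name ('one', 'two') {
	system('openssl req -x509 -new '
		. "-config $d/openssl.conf -subj /CN=$name/ "
		. "-out $d/$name.crt -keyout $d/$name.key "
		. ">>$d/openssl.out 2>&1") == 0
		or die "Can't create certificate for $name: $!\n";
}

# Passphrase-protected key and its certificate for the ssl_password_file
# server.  The passphrase is a fixed test value passed on the command line
# (pass:pass), where it can be seen in the process list; that is acceptable
# for a fixture only.
foreach my $name ('pass') {
	system("openssl genrsa -out $d/$name.key -passout pass:pass "
		. "-aes128 2048 >>$d/openssl.out 2>&1") == 0
		or die "Can't create $name key: $!\n";
	system("openssl req -x509 -new -config $d/openssl.conf "
		. "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key "
		. "-passin pass:pass >>$d/openssl.out 2>&1") == 0
		or die "Can't create $name certificate: $!\n";
}

# The passphrase nginx reads through ssl_password_file.
$t->write_file('password_file', 'pass');
$t->write_file('index.html', '');

# Start nginx and declare the seven tests below.
# NOTE(review): try_run() presumably skips the file with the given message
# when nginx cannot start with this configuration -- confirm in Test::Nginx.
$t->try_run('no ssl_certificate variables')->plan(7);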
###############################################################################
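# Full handshakes: the certificate served on 8080 is the one named by $one,
# and the server echoes the SNI name sent by the client.
like(cert('default', 8080), qr/CN=one/, 'default certificate');
like(get('default', 8080), qr/default/, 'default context');

like(get('password', 8083), qr/password/, 'ssl_password_file');

# session reuse

# With TLSv1.3 the server sends NewSessionTicket after the handshake, so the
# session is usually not available yet when the handshake returns.  Read the
# server's application data first, then retrieve the session.
my ($s, $ssl) = get_ssl_socket('default', 8080);
Net::SSLeay::read($ssl);
my $ses = Net::SSLeay::get_session($ssl);

# The server replies "name:r" for a reused session and "name:." otherwise.
like(get('default', 8080, $ses), qr/:r/, 'session reused');

# do not check $ssl_server_name, since stream doesn't install SNI callback
# see for more details: https://github.com/openssl/openssl/issues/7014

# 8081 is configured with the same certificate as 8080, 8082 with a different
# one; a session from 8080 must resume on the former only.
like(get('default', 8081, $ses), qr/:r/, 'session id context match');
like(get('default', 8082, $ses), qr/:\./, 'session id context distinct');

# errors

# No certificate files exist for the name "nx", so the handshake with the
# 8084 server is expected to leave an entry in the OpenSSL error queue.
Net::SSLeay::ERR_clear_error();
get_ssl_socket('nx', 8084);
ok(Net::SSLeay::ERR_peek_error(), 'no certificate');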
###############################################################################
# Connect to the test server on $port with $host as the SNI name, optionally
# offering a saved session for resumption, and return what the server sends.
#
#   get($host, $port)            - full handshake
#   get($host, $port, $session)  - try to resume $session
#
# Returns the data from a single Net::SSLeay::read() call, or nothing when
# get_ssl_socket() returns an empty list.
sub get {
	my ($sni_name, $port_id, $session) = @_;

	my ($sock, $ssl) = get_ssl_socket($sni_name, $port_id, $session)
		or return;

	my $reply = Net::SSLeay::read($ssl);
	$sock->close();

	return $reply;
}
# Connect to the test server on $port with $host as the SNI name and return
# the textual dump of the certificate the server presented, as produced by
# Net::SSLeay::dump_peer_certificate().  Returns nothing when
# get_ssl_socket() returns an empty list.
sub cert {
	my ($sni_name, $port_id, $session) = @_;

	my ($sock, $ssl) = get_ssl_socket($sni_name, $port_id, $session)
		or return;

	return Net::SSLeay::dump_peer_certificate($ssl);
}
# Open a TCP connection to 127.0.0.1 and run a TLS handshake over it.
#
#   $host - name sent to the server in the SNI extension
#   $port - test port, passed through port() before use (port() is not
#           defined in this file; presumably exported by Test::Nginx)
#   $ses  - optional session to offer for resumption
#
# Returns the list ($socket, $ssl).  Dies when the socket cannot be created
# or connected, or when an SSL_CTX or SSL object cannot be allocated.
#
# A fresh context is created for every call and no verification mode or CA
# store is set on it, so the server certificate is not validated here.  That
# suits self-signed fixtures on the loopback address; it is not a pattern for
# a client that talks to real peers.
sub get_ssl_socket {
	my ($sni_name, $port_id, $session) = @_;

	my $peer = sockaddr_in(port($port_id), inet_aton('127.0.0.1'));

	my $sock;
	socket($sock, AF_INET(), SOCK_STREAM(), 0) or die "socket: $!";
	connect($sock, $peer) or die "connect: $!";

	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");

	Net::SSLeay::set_tlsext_host_name($ssl, $sni_name);
	if (defined $session) {
		Net::SSLeay::set_session($ssl, $session);
	}
	Net::SSLeay::set_fd($ssl, fileno($sock));

	# "or die" fires only on a false return value.
	# NOTE(review): SSL_connect reports fatal handshake errors as a negative
	# value, which is true in Perl, so such failures fall through to the
	# caller; the "no certificate" test appears to rely on that -- confirm
	# before tightening this check.
	Net::SSLeay::connect($ssl) or die("ssl connect");

	return ($sock, $ssl);
}
###############################################################################