Mercurial > hg > nginx-tests
annotate stream_ssl_preread.t @ 1477:8b122b35703b
Tests: fixed session reuse tests in ssl_certificate.t with TLSv1.3.
Previously, session data was retrieved too early, before server passed
application data, which usually means NewSessionTicket is not yet sent.
The fix is to ask server for application data, then retrieve a session.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 20 May 2019 16:00:40 +0300 |
parents | 4e48bf51714f |
children | dbce8fb5f5f8 |
rev | line source |
---|---|
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream_ssl_preread module. |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
27 ->has(qw/stream_ssl stream_return/)->has_daemon('openssl') |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 stream { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 log_format status $status; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 map $ssl_preread_server_name $name { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 "" 127.0.0.1:8093; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 default $ssl_preread_server_name; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 upstream foo { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server 127.0.0.1:8091; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 upstream bar { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server 127.0.0.1:8092; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
53 upstream next { |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
54 server 127.0.0.1:8094; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
55 server 127.0.0.1:8080; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
56 } |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
57 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_preread on; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 listen 127.0.0.1:8080; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
62 return $name; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 listen 127.0.0.1:8081; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 proxy_pass $name; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
71 listen 127.0.0.1:8082; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_pass $name; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
73 ssl_preread off; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 listen 127.0.0.1:8083; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 proxy_pass $name; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 preread_timeout 2s; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 preread_buffer_size 42; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 access_log %%TESTDIR%%/status.log status; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
85 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
86 server { |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
87 listen 127.0.0.1:8084; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
88 proxy_pass next; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
89 |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
90 proxy_connect_timeout 2s; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
91 preread_buffer_size 8; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
92 } |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
93 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 ssl_certificate_key localhost.key; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 ssl_certificate localhost.crt; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 listen 127.0.0.1:8091 ssl; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 listen 127.0.0.1:8092 ssl; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 listen 127.0.0.1:8093 ssl; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
101 ssl_preread off; |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
102 return $server_port; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 EOF |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 eval { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 if (IO::Socket::SSL->can('can_client_sni')) { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 IO::Socket::SSL->can_client_sni() or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 eval { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $ctx = Net::SSLeay::CTX_new() or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 my $ssl = Net::SSLeay::new($ctx) or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 |
1314
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
125 $t->plan(13); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 $t->write_file('openssl.conf', <<EOF); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1099
diff
changeset
|
129 default_bits = 1024 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 encrypt_key = no |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 distinguished_name = req_distinguished_name |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 [ req_distinguished_name ] |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 EOF |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 my $d = $t->testdir(); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 foreach my $name ('localhost') { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1219
diff
changeset
|
139 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1219
diff
changeset
|
140 . "-out $d/$name.crt -keyout $d/$name.key " |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 . ">>$d/openssl.out 2>&1") == 0 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 or die "Can't create certificate for $name: $!\n"; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 $t->run(); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
149 my ($p1, $p2, $p3, $p4) = (port(8091), port(8092), port(8093), port(8084)); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
151 is(get_ssl('foo', 8081), $p1, 'sni'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
152 is(get_ssl('foo', 8081), $p1, 'sni again'); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
154 is(get_ssl('bar', 8081), $p2, 'sni 2'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
155 is(get_ssl('bar', 8081), $p2, 'sni 2 again'); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 # fallback to an empty value for some reason |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
159 is(get_ssl('', 8081), $p3, 'no sni'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
160 is(get_ssl('foo', 8082), $p3, 'preread off'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
161 is(get_ssl('foo', 8083), undef, 'preread buffer full'); |
1235
3fc6817cd84a
Tests: explicit peer port in stream tests now required.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1232
diff
changeset
|
162 is(stream('127.0.0.1:' . port(8080))->io('x' x 1000), "127.0.0.1:$p3", |
3fc6817cd84a
Tests: explicit peer port in stream tests now required.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1232
diff
changeset
|
163 'not a handshake'); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 |
1232
a4a040b4e4dd
Tests: removed TODOs for fixes merged in 1.12.2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
165 # ticket #1317 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
166 |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
167 is(stream("127.0.0.1:$p4")->io('x' x 16), "127.0.0.1:$p3", |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
168 'pending buffers on next upstream'); |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
169 |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
170 # no junk in variable due to short ClientHello length value |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
171 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
172 is(get_short(), "127.0.0.1:$p3", 'short client hello'); |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
173 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
174 # allow record with older SSL version, such as 3.0 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
175 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
176 is(get_oldver(), 'foo', 'older version in ssl record'); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
177 |
1314
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
178 # SNI "foo|f" fragmented across TLS records |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
179 |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
180 is(get_frag(), 'foof', 'handshake fragment split on SNI'); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
181 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 $t->stop(); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 |
1314
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
188 sub get_frag { |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
189 my $r = pack("N*", 0x16030100, 0x3b010000, 0x380303ac, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
190 0x8c8678a0, 0xaa1e7eed, 0x3644eed6, 0xc3bd2c69, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
191 0x7bc7deda, 0x249db0e3, 0x0c339eba, 0xa80b7600, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
192 0x00020000, 0x0100000d, 0x00000009, 0x00070000, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
193 0x04666f6f, 0x16030100); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
194 $r .= pack("n", 0x0166); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
195 |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
196 http($r); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
197 } |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
198 |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
199 sub get_short { |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
200 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
201 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
202 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
203 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
204 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
205 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
206 http($r); |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
207 } |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
208 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
209 sub get_oldver { |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
210 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
211 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
212 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
213 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
214 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
215 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
216 http($r); |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
217 } |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
218 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
219 sub get_ssl { |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
220 my ($host, $port) = @_; |
1202
cbda704b3093
Tests: fixed stream_ssl_preread.t when run in parallel.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1199
diff
changeset
|
221 my $s = stream('127.0.0.1:' . port($port)); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
222 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
223 eval { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 local $SIG{ALRM} = sub { die "timeout\n" }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
226 alarm(8); |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
227 IO::Socket::SSL->start_SSL($s->{_socket}, |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
228 SSL_hostname => $host, |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
229 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
230 SSL_error_trap => sub { die $_[1] } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
231 ); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
232 alarm(0); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
233 }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
234 alarm(0); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
235 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
236 if ($@) { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
237 log_in("died: $@"); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
238 return undef; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
239 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
240 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
241 return $s->read(); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
242 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
243 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
244 ############################################################################### |