Mercurial > hg > nginx-tests
annotate stream_ssl_preread.t @ 1818:9a44d489966c
Tests: h2_limit_req.t cleanup.
Amended efc502e696b0 that removes checks used prior to body preread buffer.
While here, set a resonable commentary.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 12 Jan 2023 22:09:35 +0400 |
parents | f3ba4c74de31 |
children | cdcd75657e52 |
rev | line source |
---|---|
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream_ssl_preread module. |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
27 ->has(qw/stream_ssl stream_return/)->has_daemon('openssl') |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
38 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
39 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 log_format status $status; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 map $ssl_preread_server_name $name { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 "" 127.0.0.1:8093; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 default $ssl_preread_server_name; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 upstream foo { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server 127.0.0.1:8091; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 upstream bar { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server 127.0.0.1:8092; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
55 upstream next { |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
56 server 127.0.0.1:8094; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
57 server 127.0.0.1:8080; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
58 } |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
59 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 ssl_preread on; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 listen 127.0.0.1:8080; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
64 return $name; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 listen 127.0.0.1:8081; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 proxy_pass $name; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server { |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
73 listen 127.0.0.1:8082; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 proxy_pass $name; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
75 ssl_preread off; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 listen 127.0.0.1:8083; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 proxy_pass $name; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 preread_timeout 2s; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 preread_buffer_size 42; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 access_log %%TESTDIR%%/status.log status; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
87 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
88 server { |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
89 listen 127.0.0.1:8084; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
90 proxy_pass next; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
91 |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
92 proxy_connect_timeout 2s; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
93 preread_buffer_size 8; |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
94 } |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
95 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ssl_certificate_key localhost.key; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 ssl_certificate localhost.crt; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 server { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 listen 127.0.0.1:8091 ssl; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 listen 127.0.0.1:8092 ssl; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 listen 127.0.0.1:8093 ssl; |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
103 ssl_preread off; |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
104 return $server_port; |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 EOF |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 eval { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 if (IO::Socket::SSL->can('can_client_sni')) { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 IO::Socket::SSL->can_client_sni() or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 eval { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 my $ctx = Net::SSLeay::CTX_new() or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 my $ssl = Net::SSLeay::new($ctx) or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
1314
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
127 $t->plan(13); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 $t->write_file('openssl.conf', <<EOF); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
131 default_bits = 2048 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 encrypt_key = no |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 distinguished_name = req_distinguished_name |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 [ req_distinguished_name ] |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 EOF |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 my $d = $t->testdir(); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 foreach my $name ('localhost') { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1219
diff
changeset
|
141 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1219
diff
changeset
|
142 . "-out $d/$name.crt -keyout $d/$name.key " |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 . ">>$d/openssl.out 2>&1") == 0 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 or die "Can't create certificate for $name: $!\n"; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $t->run(); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
151 my ($p1, $p2, $p3, $p4) = (port(8091), port(8092), port(8093), port(8084)); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
153 is(get_ssl('foo', 8081), $p1, 'sni'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
154 is(get_ssl('foo', 8081), $p1, 'sni again'); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
156 is(get_ssl('bar', 8081), $p2, 'sni 2'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
157 is(get_ssl('bar', 8081), $p2, 'sni 2 again'); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 # fallback to an empty value for some reason |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
161 is(get_ssl('', 8081), $p3, 'no sni'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
162 is(get_ssl('foo', 8082), $p3, 'preread off'); |
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
163 is(get_ssl('foo', 8083), undef, 'preread buffer full'); |
1235
3fc6817cd84a
Tests: explicit peer port in stream tests now required.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1232
diff
changeset
|
164 is(stream('127.0.0.1:' . port(8080))->io('x' x 1000), "127.0.0.1:$p3", |
3fc6817cd84a
Tests: explicit peer port in stream tests now required.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1232
diff
changeset
|
165 'not a handshake'); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 |
1232
a4a040b4e4dd
Tests: removed TODOs for fixes merged in 1.12.2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
167 # ticket #1317 |
1199
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
168 |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
169 is(stream("127.0.0.1:$p4")->io('x' x 16), "127.0.0.1:$p3", |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
170 'pending buffers on next upstream'); |
08f6eacf1cfe
Tests: stream proxy next upstream with ssl_preread (ticket #1317).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1198
diff
changeset
|
171 |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
172 # no junk in variable due to short ClientHello length value |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
173 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
174 is(get_short(), "127.0.0.1:$p3", 'short client hello'); |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
175 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
176 # allow record with older SSL version, such as 3.0 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
177 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
178 is(get_oldver(), 'foo', 'older version in ssl record'); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
179 |
1314
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
180 # SNI "foo|f" fragmented across TLS records |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
181 |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
182 is(get_frag(), 'foof', 'handshake fragment split on SNI'); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
183 |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 $t->stop(); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
188 ############################################################################### |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 |
1314
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
190 sub get_frag { |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
191 my $r = pack("N*", 0x16030100, 0x3b010000, 0x380303ac, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
192 0x8c8678a0, 0xaa1e7eed, 0x3644eed6, 0xc3bd2c69, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
193 0x7bc7deda, 0x249db0e3, 0x0c339eba, 0xa80b7600, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
194 0x00020000, 0x0100000d, 0x00000009, 0x00070000, |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
195 0x04666f6f, 0x16030100); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
196 $r .= pack("n", 0x0166); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
197 |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
198 http($r); |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
199 } |
b6d941ff65f4
Tests: added stream ssl preread test for message fragmentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
200 |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
201 sub get_short { |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
202 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
203 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
204 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
205 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
206 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
207 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
208 http($r); |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
209 } |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
210 |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
211 sub get_oldver { |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
212 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
213 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
214 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
215 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
216 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
217 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
218 http($r); |
1099
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
219 } |
dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1034
diff
changeset
|
220 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
221 sub get_ssl { |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
222 my ($host, $port) = @_; |
1202
cbda704b3093
Tests: fixed stream_ssl_preread.t when run in parallel.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1199
diff
changeset
|
223 my $s = stream('127.0.0.1:' . port($port)); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 eval { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
226 local $SIG{ALRM} = sub { die "timeout\n" }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
227 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
228 alarm(8); |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
229 IO::Socket::SSL->start_SSL($s->{_socket}, |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
230 SSL_hostname => $host, |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
231 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
232 SSL_error_trap => sub { die $_[1] } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
233 ); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
234 alarm(0); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
235 }; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
236 alarm(0); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
237 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
238 if ($@) { |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
239 log_in("died: $@"); |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
240 return undef; |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
241 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
242 |
1198
cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1118
diff
changeset
|
243 return $s->read(); |
1034
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
244 } |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
245 |
679cefd5896b
Tests: stream_ssl_preread module tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
246 ############################################################################### |