Mercurial > hg > nginx-tests
annotate ssl_crl.t @ 1933:9bafe7cddd3c
Tests: improved QUIC key update tests with old keys.
On unsuccessful protection removal, it is now retried with old keys.
Otherwise, old keys are removed to ensure they're no longer in use.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 21 Aug 2023 17:26:47 +0400 |
| parents | a797d7428fa5 |
| children | 0b5ec15c62ed |
| rev | line source |
|---|---|
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_crl directive. |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/) |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl')->plan(3); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 ssl_verify_client on; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 ssl_client_certificate int-root.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 add_header X-Verify $ssl_client_verify always; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 listen 127.0.0.1:8080 ssl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server_name localhost; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_client_certificate root.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_crl empty.crl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 server { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 listen 127.0.0.1:8081 ssl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 server_name localhost; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 ssl_client_certificate root.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_crl root.crl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 listen 127.0.0.1:8082 ssl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 server_name localhost; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 ssl_verify_depth 2; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 ssl_crl root.crl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 EOF |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 my $d = $t->testdir(); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
79 default_bits = 2048 |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 $t->write_file('ca.conf', <<EOF); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 [ ca ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 default_ca = myca |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 [ myca ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 new_certs_dir = $d |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 database = $d/certindex |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
92 default_md = sha256 |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 policy = myca_policy |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 serial = $d/certserial |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 default_days = 1 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 [ myca_policy ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 commonName = supplied |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 foreach my $name ('root', 'localhost') { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
103 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
104 . "-out $d/$name.crt -keyout $d/$name.key " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 or die "Can't create certificate for $name: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 foreach my $name ('int', 'end') { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 system("openssl req -new " |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
111 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
112 . "-out $d/$name.csr -keyout $d/$name.key " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 or die "Can't create certificate for $name: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 $t->write_file('certserial', '1000'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 $t->write_file('certindex', ''); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
120 system("openssl ca -batch -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
121 . "-keyfile $d/root.key -cert $d/root.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
122 . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 or die "Can't sign certificate for int: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
126 system("openssl ca -batch -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
127 . "-keyfile $d/int.key -cert $d/int.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
128 . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 or die "Can't sign certificate for end: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
132 system("openssl ca -gencrl -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
133 . "-keyfile $d/root.key -cert $d/root.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
134 . "-out $d/empty.crl -crldays 1 " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 or die "Can't create empty crl: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
138 system("openssl ca -config $d/ca.conf -revoke $d/int.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
139 . "-keyfile $d/root.key -cert $d/root.crt " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 or die "Can't revoke int.crt: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
143 system("openssl ca -gencrl -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
144 . "-keyfile $d/root.key -cert $d/root.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
145 . "-out $d/root.crl -crldays 1 " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 or die "Can't update crl: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 $t->write_file('int-root.crt', |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 $t->read_file('int.crt') . $t->read_file('root.crt')); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 $t->write_file('t', ''); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 $t->run(); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 like(get(8080, 'int'), qr/SUCCESS/, 'crl - no revoked certs'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 like(get(8081, 'int'), qr/FAILED/, 'crl - client cert revoked'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 like(get(8082, 'end'), qr/FAILED/, 'crl - intermediate cert revoked'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 sub get { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 my ($port, $cert) = @_; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
165 http_get( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
166 '/t', PeerAddr => '127.0.0.1:' . port($port), |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
167 SSL => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
168 SSL_cert_file => "$d/$cert.crt", |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
169 SSL_key_file => "$d/$cert.key" |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
170 ); |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 ############################################################################### |