Mercurial > hg > nginx-tests
annotate ssl_proxy_protocol.t @ 1829:a78c32419f02
Tests: separate SSL session reuse tests.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
In the generic SSL tests only basic session reuse is now tested,
notably with session tickets enabled and a shared SSL session cache.
This should make it possible to reuse sessions in all cases (except
when it's not supported, such as with LibreSSL with TLSv1.3).
Note that session reuse with tickets implies that $ssl_session_id
is selected by the client and therefore is not available on the
initial connection. Relevant test is modified to handle this.
Further, BoringSSL does not use legacy session ID with TLSv1.3 even
if it is sent by the client. In contrast, OpenSSL always generates
an unique legacy session id, so it is available with TLSv1.3 even if
session resumption does not work (such as with old Net::SSLeay and
IO::Socket::SSL modules).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:47 +0300 |
parents | dbce8fb5f5f8 |
children | cdcd75657e52 |
rev | line source |
---|---|
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with haproxy protocol. |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 use Socket qw/ CRLF /; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { require IO::Socket::SSL; }; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
1170
cf14cfe9ec8c
Tests: dropped obsolete ipv6 prerequisite.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1168
diff
changeset
|
32 my $t = Test::Nginx->new()->has(qw/http http_ssl access realip/) |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 ->has_daemon('openssl'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 $t->write_file_expand('nginx.conf', <<'EOF')->plan(18); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 %%TEST_GLOBALS%% |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 daemon off; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 events { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 http { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 %%TEST_GLOBALS_HTTP%% |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 log_format pp '$remote_addr $request'; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 listen 127.0.0.1:8080 proxy_protocol ssl; |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 server_name localhost; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_certificate_key localhost.key; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_certificate localhost.crt; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 set_real_ip_from 127.0.0.1/32; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 add_header X-IP $remote_addr; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 add_header X-PP $proxy_protocol_addr; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 location /pp { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 real_ip_header proxy_protocol; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 error_page 404 =200 /t1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 access_log %%TESTDIR%%/pp.log pp; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /pp_4 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 deny 192.0.2.1/32; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 location /pp_6 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 deny 2001:DB8::1/128; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
79 default_bits = 2048 |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $d = $t->testdir(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 foreach my $name ('localhost') { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1170
diff
changeset
|
89 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1170
diff
changeset
|
90 . "-out $d/$name.crt -keyout $d/$name.key " |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . ">>$d/openssl.out 2>&1") == 0 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or die "Can't create certificate for $name: $!\n"; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $t->write_file('t1', 'SEE-THIS'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 $t->run(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 my $tcp4 = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $tcp6 = 'PROXY TCP6 2001:Db8::1 2001:Db8::2 1234 5678' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 my $unk1 = 'PROXY UNKNOWN' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 my $unk2 = 'PROXY UNKNOWN 1 2 3 4 5 6' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 my $r; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 # no realip, just PROXY header parsing |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 $r = pp_get('/t1', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 like($r, qr/SEE-THIS/, 'tcp4 request'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 unlike($r, qr/X-IP: 192.0.2.1/, 'tcp4 client'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 $r = pp_get('/t1', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 like($r, qr/SEE-THIS/, 'tcp6 request'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 unlike($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 like(pp_get('/t1', $unk1), qr/SEE-THIS/, 'unknown request 1'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 like(pp_get('/t1', $unk2), qr/SEE-THIS/, 'unknown request 2'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # realip |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 $r = pp_get('/pp', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like($r, qr/SEE-THIS/, 'tcp4 request realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 like($r, qr/X-IP: 192.0.2.1/, 'tcp4 client realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 $r = pp_get('/pp', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like($r, qr/SEE-THIS/, 'tcp6 request realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 like($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 # access |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 $r = pp_get('/pp_4', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like($r, qr/403 Forbidden/, 'tcp4 access'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 $r = pp_get('/pp_6', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 like($r, qr/403 Forbidden/, 'tcp6 access'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 # client address in access.log |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 $t->stop(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
908
adf5671391ac
Tests: use read_file subroutine in several tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
603
diff
changeset
|
145 my $log = $t->read_file('pp.log'); |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 like($log, qr!^192\.0\.2\.1 GET /pp_4!m, 'tcp4 access log'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 like($log, qr!^2001:DB8::1 GET /pp_6!mi, 'tcp6 access log'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 sub pp_get { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 my ($url, $proxy) = @_; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 my $s = http($proxy, start => 1); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 |
1168
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
156 eval { |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
157 local $SIG{ALRM} = sub { die "timeout\n" }; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
158 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
159 alarm(8); |
1168
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
160 IO::Socket::SSL->start_SSL($s, |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
161 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
162 SSL_error_trap => sub { die $_[1] } |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
163 ); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
164 alarm(0); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
165 }; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
166 alarm(0); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
167 |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
168 if ($@) { |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
169 log_in("died: $@"); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
170 return undef; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
171 } |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 return http(<<EOF, socket => $s); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 GET $url HTTP/1.0 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 Host: localhost |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 ############################################################################### |