Mercurial > hg > nginx-tests
annotate uwsgi_ssl.t @ 1847:a9704b9ed7a2
Tests: removed multiple server certificates from ssl_ocsp.t.
Multiple server certificates are not needed to test OCSP verification of
client certificates (in contrast to OCSP stapling, where server certificates
are verified, and different staples should be correctly returned with
different server certificates). And using multiple server certificates
causes issues when testing with LibreSSL due to broken sigalgs-based
server certificate selection in LibreSSL with TLSv1.3.
Accordingly, the test is simplified to do not use multiple server
certificates.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:26 +0300 |
parents | 5ac6efbe5552 |
children | 1b9f21836f57 |
rev | line source |
---|---|
1575 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Maxim Dounin | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Test for uwsgi backend with SSL. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 use Socket qw/ CRLF /; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/http uwsgi http_ssl/) | |
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(7) | |
28 ->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 http { | |
38 %%TEST_GLOBALS_HTTP%% | |
39 | |
40 upstream u { | |
41 server 127.0.0.1:8081; | |
42 } | |
43 | |
44 server { | |
45 listen 127.0.0.1:8080; | |
46 server_name localhost; | |
47 | |
48 location / { | |
49 uwsgi_pass suwsgi://127.0.0.1:8081; | |
50 uwsgi_param SERVER_PROTOCOL $server_protocol; | |
51 uwsgi_param HTTP_X_BLAH "blah"; | |
52 uwsgi_pass_request_body off; | |
53 } | |
54 | |
55 location /var { | |
56 uwsgi_pass suwsgi://$arg_b; | |
57 uwsgi_param SERVER_PROTOCOL $server_protocol; | |
58 } | |
59 } | |
60 } | |
61 | |
62 EOF | |
63 | |
64 $t->write_file('openssl.conf', <<EOF); | |
65 [ req ] | |
66 default_bits = 2048 | |
67 encrypt_key = no | |
68 distinguished_name = req_distinguished_name | |
69 [ req_distinguished_name ] | |
70 EOF | |
71 | |
72 my $d = $t->testdir(); | |
73 my $crt = "$d/uwsgi.crt"; | |
74 my $key = "$d/uwsgi.key"; | |
75 | |
76 foreach my $name ('uwsgi') { | |
77 system('openssl req -x509 -new ' | |
78 . "-config $d/openssl.conf -subj /CN=$name/ " | |
79 . "-out $d/$name.crt -keyout $d/$name.key " | |
80 . ">>$d/openssl.out 2>&1") == 0 | |
81 or die "Can't create certificate for $name: $!\n"; | |
82 } | |
83 | |
84 $t->write_file('uwsgi_test_app.py', <<END); | |
85 | |
86 def application(env, start_response): | |
87 start_response('200 OK', [('Content-Type','text/plain')]) | |
88 return b"SEE-THIS" | |
89 | |
90 END | |
91 | |
92 my $uwsgihelp = `uwsgi -h`; | |
93 my @uwsgiopts = (); | |
94 | |
95 if ($uwsgihelp !~ /--wsgi-file/) { | |
96 # uwsgi has no python support, maybe plugin load is necessary | |
97 push @uwsgiopts, '--plugin', 'python'; | |
1598
f069dd7ba5a7
Tests: compatibility with uwsgi python package on Fedora Linux.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1575
diff
changeset
|
98 push @uwsgiopts, '--plugin', 'python3'; |
1575 | 99 } |
100 | |
1598
f069dd7ba5a7
Tests: compatibility with uwsgi python package on Fedora Linux.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1575
diff
changeset
|
101 open OLDERR, ">&", \*STDERR; close STDERR; |
1575 | 102 $t->run_daemon('uwsgi', @uwsgiopts, |
103 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt,$key", | |
104 '--wsgi-file', $d . '/uwsgi_test_app.py', | |
105 '--logto', $d . '/uwsgi_log'); | |
1598
f069dd7ba5a7
Tests: compatibility with uwsgi python package on Fedora Linux.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1575
diff
changeset
|
106 open STDERR, ">&", \*OLDERR; |
1575 | 107 |
108 $t->run(); | |
109 | |
110 $t->waitforsocket('127.0.0.1:' . port(8081)) | |
111 or die "Can't start uwsgi"; | |
112 | |
113 ############################################################################### | |
114 | |
115 like(http_get('/'), qr/SEE-THIS/, 'uwsgi request'); | |
116 like(http_head('/head'), qr/200 OK(?!.*SEE-THIS)/s, 'no data in HEAD'); | |
117 | |
118 like(http_get_headers('/headers'), qr/SEE-THIS/, | |
119 'uwsgi request with many ignored headers'); | |
120 | |
121 like(http_get('/var?b=127.0.0.1:' . port(8081)), qr/SEE-THIS/, | |
122 'uwsgi with variables'); | |
123 like(http_get('/var?b=u'), qr/SEE-THIS/, 'uwsgi with variables to upstream'); | |
124 | |
125 like(http_post('/'), qr/SEE-THIS/, 'uwsgi post'); | |
126 like(http_post_big('/'), qr/SEE-THIS/, 'uwsgi big post'); | |
127 | |
128 ############################################################################### | |
129 | |
130 sub http_get_headers { | |
131 my ($url, %extra) = @_; | |
132 return http(<<EOF, %extra); | |
133 GET $url HTTP/1.0 | |
134 Host: localhost | |
135 X-Blah: ignored header | |
136 X-Blah: ignored header | |
137 X-Blah: ignored header | |
138 X-Blah: ignored header | |
139 X-Blah: ignored header | |
140 X-Blah: ignored header | |
141 X-Blah: ignored header | |
142 X-Blah: ignored header | |
143 X-Blah: ignored header | |
144 X-Blah: ignored header | |
145 X-Blah: ignored header | |
146 X-Blah: ignored header | |
147 X-Blah: ignored header | |
148 X-Blah: ignored header | |
149 X-Blah: ignored header | |
150 X-Blah: ignored header | |
151 X-Blah: ignored header | |
152 X-Blah: ignored header | |
153 X-Blah: ignored header | |
154 | |
155 EOF | |
156 } | |
157 | |
158 sub http_post { | |
159 my ($url, %extra) = @_; | |
160 | |
161 my $p = "POST $url HTTP/1.0" . CRLF . | |
162 "Host: localhost" . CRLF . | |
163 "Content-Length: 10" . CRLF . | |
164 CRLF . | |
165 "1234567890"; | |
166 | |
167 return http($p, %extra); | |
168 } | |
169 | |
170 sub http_post_big { | |
171 my ($url, %extra) = @_; | |
172 | |
173 my $p = "POST $url HTTP/1.0" . CRLF . | |
174 "Host: localhost" . CRLF . | |
175 "Content-Length: 10240" . CRLF . | |
176 CRLF . | |
177 ("1234567890" x 1024); | |
178 | |
179 return http($p, %extra); | |
180 } | |
181 | |
182 ############################################################################### |