Mercurial > hg > nginx-tests
annotate proxy_ssl_certificate_empty.t @ 1940:aec72dcee93b
Tests: unconditional QUIC datagram expansion with Initial packets.
Used to get rid of "quic UDP datagram is too small for initial packet" messages.
In future, we may need this to reconsider to allow mocking with custom padding,
but for now suppressing such messages is sufficiently good enough.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 11 Dec 2023 14:01:49 +0400 |
| parents | 2a0a6035a1af |
| children |
| rev | line source |
|---|---|
|
1799
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http proxy module with proxy certificate to ssl backend. |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate directive empty value cancels inheritance. |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl'); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 http { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 server { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 listen 127.0.0.1:8080; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 server_name localhost; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 proxy_ssl_session_reuse off; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl_certificate 1.example.com.crt; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_ssl_certificate_key 1.example.com.key; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 location /verify { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 location /cancel { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_pass https://127.0.0.1:8081/; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate ""; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_ssl_certificate_key ""; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8081 ssl; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 server_name localhost; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_certificate 2.example.com.crt; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate_key 2.example.com.key; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 ssl_verify_client optional; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 ssl_client_certificate 1.example.com.crt; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 location / { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 add_header X-Verify $ssl_client_verify; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 EOF |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 $t->write_file('openssl.conf', <<EOF); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 [ req ] |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 default_bits = 2048 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 encrypt_key = no |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 distinguished_name = req_distinguished_name |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 [ req_distinguished_name ] |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 EOF |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 my $d = $t->testdir(); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 foreach my $name ('1.example.com', '2.example.com') { |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 system('openssl req -x509 -new ' |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 . "-out $d/$name.crt -keyout $d/$name.key " |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 . ">>$d/openssl.out 2>&1") == 0 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 or die "Can't create certificate for $name: $!\n"; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 } |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 sleep 1 if $^O eq 'MSWin32'; |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 $t->write_file('index.html', ''); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
1937
2a0a6035a1af
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1799
diff
changeset
|
101 $t->run()->plan(2); |
|
1799
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ############################################################################### |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 like(http_get('/cancel'), qr/X-Verify: NONE/ms, 'cancel certificate'); |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
|
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 ############################################################################### |