annotate ssl_stapling.t @ 1842:af47a0b348a5

Tests: LibreSSL certificate negotiation with TLSv1.3. LibreSSL fails to negotiate certificates based on signature algorithms when using TLSv1.3, and fails with "missing rsa certificate" and "unknown pkey type" errors.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:50:17 +0300
parents 2d371452658c
children 0e1865aa9b33
1330
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for OCSP stapling.
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 use MIME::Base64 qw/ decode_base64 /;
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 BEGIN { use FindBin; chdir($FindBin::Bin); }
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use lib 'lib';
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 use Test::Nginx;
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 ###############################################################################
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
# Enable autoflush on STDERR and then on STDOUT so that test output is not
# held back in stdio buffers.  STDOUT is processed last and therefore remains
# the currently selected handle, exactly as before.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26
1389
73a9504ae6fd Tests: support TLS 1.3 in ssl_stapling.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1330
diff changeset
# Probe for a usable Net::SSLeay at run time instead of compile time: load the
# module, run its library initialisation calls, and insist that
# set_tlsext_status_type() exists.  A missing module or a missing function
# both leave $@ set, and the whole file is then skipped with the message
# below rather than failing.
eval {
    require Net::SSLeay;
    Net::SSLeay::load_error_strings();
    Net::SSLeay::SSLeay_add_ssl_algorithms();
    Net::SSLeay::randomize();
    Net::SSLeay::SSLeay();
    die unless defined &Net::SSLeay::set_tlsext_status_type;
};
# $@ is inspected immediately after the eval, before anything can clobber it.
if ($@) {
    plan(skip_all => 'Net::SSLeay not installed or too old');
}
1330
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
1400
94bcad5611af Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1397
diff changeset
# Create the test harness and declare what this file needs: the http and
# http_ssl features and an external "openssl" binary (used further down to
# build the certificate hierarchy and the OCSP responses).
my $t = Test::Nginx->new()
    ->has(qw/http http_ssl/)
    ->has_daemon('openssl');

# Builds reporting the BoringSSL module are skipped outright.
if ($t->has_module('BoringSSL')) {
    plan(skip_all => 'no OCSP stapling');
}
94bcad5611af Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1397
diff changeset
40
1842
af47a0b348a5 Tests: LibreSSL certificate negotiation with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1636
diff changeset
# Declare ten tests and write the nginx configuration under test.  The heredoc
# is single-quoted, so Perl interpolates nothing; the %%...%% tokens are
# placeholders, presumably substituted by write_file_expand() -- confirm in
# Test::Nginx.
#
# Listener layout, as configured below:
#   8443  inherits the http-level settings: stapling on, EC and RSA chains
#   8080  plain HTTP on the same server (also the responder URL used by 8449)
#   8444  ssl_stapling_responder overridden to http://127.0.0.1:8081/
#   8445  ssl_stapling_verify on
#   8446  EC certificate served without the intermediate (ec-end.crt)
#   8447  RSA chain with a pre-generated response file, resp.der
#   8448  EC chain with a pre-generated response file, ec-resp.der
#   8449  responder pointed at http://127.0.0.1:8080/, i.e. at nginx's own
#         plain-HTTP listener rather than at an OCSP responder
#
# NOTE(review): "ssl_ciphers DEFAULT:ECCdraft" and the loopback-only
# listeners are test scaffolding; this block is not a hardening reference.
$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
%%TEST_GLOBALS_HTTP%%

ssl_stapling on;
ssl_trusted_certificate trusted.crt;

ssl_certificate ec-end-int.crt;
ssl_certificate_key ec-end.key;

ssl_certificate end-int.crt;
ssl_certificate_key end.key;

ssl_ciphers DEFAULT:ECCdraft;

server {
listen 127.0.0.1:8443 ssl;
listen 127.0.0.1:8080;
server_name localhost;
}

server {
listen 127.0.0.1:8444 ssl;
server_name localhost;

ssl_stapling_responder http://127.0.0.1:8081/;
}

server {
listen 127.0.0.1:8445 ssl;
server_name localhost;

ssl_stapling_verify on;
}

server {
listen 127.0.0.1:8446 ssl;
server_name localhost;

ssl_certificate ec-end.crt;
ssl_certificate_key ec-end.key;
}

server {
listen 127.0.0.1:8447 ssl;
server_name localhost;

ssl_certificate end-int.crt;
ssl_certificate_key end.key;

ssl_stapling_file %%TESTDIR%%/resp.der;
}

server {
listen 127.0.0.1:8448 ssl;
server_name localhost;

ssl_certificate ec-end-int.crt;
ssl_certificate_key ec-end.key;

ssl_stapling_file %%TESTDIR%%/ec-resp.der;
}

server {
listen 127.0.0.1:8449 ssl;
server_name localhost;

ssl_stapling_responder http://127.0.0.1:8080/;
}
}

EOF
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
# $d: directory that receives every generated fixture (keys, certificates,
# OCSP requests/responses, openssl.out).
# $p: port used for the OCSP URL written into issued certificates; the script
# later waits for a socket on 127.0.0.1:port(8081) before running the checks.
my $d = $t->testdir();
my $p = port(8081);

# Minimal configuration for "openssl req": 2048-bit keys by default, private
# keys written unencrypted (encrypt_key = no), and an empty distinguished-name
# section because every subject is supplied on the command line with -subj.
# NOTE(review): unencrypted keys are acceptable only because they live in the
# throw-away test directory.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
# CA configuration shared by every "openssl ca" call in this file.  The
# heredoc is interpolated: $d supplies the directory for the index, serial and
# issued-certificate files, and $p the port placed in the OCSP URL.
#
# NOTE(review): x509_extensions points at myca_extensions, so each certificate
# issued through this configuration, the end-entity ones included, carries
# basicConstraints CA:TRUE and the loopback OCSP URL.  That is convenient for
# a one-day test hierarchy (default_days = 1) but must not be copied into a
# real CA profile, where leaf certificates need CA:FALSE.
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca

[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 1
x509_extensions = myca_extensions

[ myca_policy ]
commonName = supplied

[ myca_extensions ]
basicConstraints = critical,CA:TRUE
authorityInfoAccess = OCSP;URI:http://127.0.0.1:$p
EOF
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
153
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
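# Key and certificate-request generation.  Each command goes through the
# shell (the redirections need it) and appends its output to $d/openssl.out.
#
# Failure reporting: system() returns the wait status, and $! is meaningful
# only when that status is -1 (the command could not be started).  A command
# that runs and exits non-zero leaves $! stale, so the messages below print $!
# for the -1 case and the raw wait status $? otherwise.
#
# NOTE(review): $d is interpolated unquoted into the shell command line; this
# assumes testdir() returns a path free of whitespace and shell
# metacharacters -- confirm in Test::Nginx.

# Self-signed root: key and certificate produced in one "req -x509" step.
foreach my $name ('root') {
    system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";
}

# Intermediate CA and RSA end-entity: new key plus a CSR to be signed later.
foreach my $name ('int', 'end') {
    system("openssl req -new "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.csr -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";
}

# EC end-entity: generate a prime256v1 key first, then a CSR for that key.
foreach my $name ('ec-end') {
    system("openssl ecparam -genkey -out $d/$name.key -name prime256v1 "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create EC param: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";
    system("openssl req -new -key $d/$name.key "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.csr "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";
}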
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
180
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
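# Seed the CA database: first serial number 1000 and an empty index file.
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');

# Sign the three requests in a fixed order (int, ec-end, end) so that serial
# numbers are assigned deterministically: the root signs the intermediate,
# and the intermediate signs both end-entity certificates.
#
# $! is meaningful only when system() returns -1 (command not started); for a
# command that ran and failed, the wait status $? is reported instead.
#
# NOTE(review): $d is interpolated unquoted into the shell command line; this
# assumes testdir() returns a path free of whitespace and shell
# metacharacters -- confirm in Test::Nginx.
for my $signing ([ 'root', 'int' ], [ 'int', 'ec-end' ], [ 'int', 'end' ]) {
    my ($issuer, $name) = @$signing;

    system("openssl ca -batch -config $d/ca.conf "
        . "-keyfile $d/$issuer.key -cert $d/$issuer.crt "
        . "-subj /CN=$name/ -in $d/$name.csr -out $d/$name.crt "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't sign certificate for $name: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";
}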
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
201
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
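# RFC 6960, serialNumber
#
# Read the serial of end.crt back from "openssl x509 -serial" (appended to
# $d/serial) and pre-encode it: pack("n2", ...) emits the two bytes 0x02 0x02
# followed by the serial as a 16-bit big-endian value, i.e. what looks like a
# DER INTEGER header (tag 2, length 2) plus a two-byte serial.
#
# $! is meaningful only when system() returns -1 (command not started); for a
# command that ran and failed, the wait status $? is reported instead.
system("openssl x509 -in $d/end.crt -serial -noout "
    . ">>$d/serial 2>>$d/openssl.out") == 0
    or die "Can't obtain serial for end: "
        . ($? == -1 ? $! : 'wait status ' . $?) . "\n";

# Declared unconditionally: "my $x = ... if COND" has undefined behaviour in
# Perl, so the declaration is split from the conditional assignment.  $serial
# stays undef when no digits are found, as before.
#
# NOTE(review): /(\d+)/ captures decimal digits only, although the serial is
# printed in hex, and "n" holds 16 bits.  Both are fine for serials counting
# up from the 1000 seeded in certserial; a serial containing A-F or wider
# than two bytes would be truncated.
my $serial;
if ($t->read_file('serial') =~ /(\d+)/) {
    $serial = pack("n2", 0x0202, hex $1);
}

# Mark end.crt as revoked in the CA index ($d/certindex, via ca.conf); the
# OCSP responses generated afterwards are built from that index.
system("openssl ca -config $d/ca.conf -revoke $d/end.crt "
    . "-keyfile $d/root.key -cert $d/root.crt "
    . ">>$d/openssl.out 2>&1") == 0
    or die "Can't revoke end.crt: "
        . ($? == -1 ? $! : 'wait status ' . $?) . "\n";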
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
214
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
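# Pre-generate an OCSP request and a matching response for each end-entity
# certificate: end -> req.der / resp.der, ec-end -> ec-req.der / ec-resp.der.
# The responses are built from $d/certindex after end.crt has been revoked
# there, and are valid for one day (-ndays 1).
#
# NOTE(review): the responses are signed with the root key (-rsigner
# root.crt) while the issuer passed with -CA is int.crt, so the signer is
# neither the issuing CA nor a delegated responder certificate.  Whether a
# verifying consumer accepts that depends on its trust configuration; in this
# file trusted.crt is assembled from int.crt and root.crt.
#
# $! is meaningful only when system() returns -1 (command not started); for a
# command that ran and failed, the wait status $? is reported instead.
for my $leaf ([ 'end', '', '' ], [ 'ec-end', 'ec-', 'EC ' ]) {
    my ($cert, $prefix, $label) = @$leaf;

    system("openssl ocsp -issuer $d/int.crt -cert $d/$cert.crt "
        . "-reqout $d/${prefix}req.der >>$d/openssl.out 2>&1") == 0
        or die "Can't create ${label}OCSP request: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";

    system("openssl ocsp -index $d/certindex -CA $d/int.crt "
        . "-rsigner $d/root.crt -rkey $d/root.key "
        . "-reqin $d/${prefix}req.der -respout $d/${prefix}resp.der -ndays 1 "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create ${label}OCSP response: "
            . ($? == -1 ? $! : 'wait status ' . $?) . "\n";
}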
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
234
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
# Assemble the bundle files referenced by nginx.conf by concatenating the
# generated certificates, listed here in output order:
#   trusted.crt     = int.crt    + root.crt  (ssl_trusted_certificate)
#   end-int.crt     = end.crt    + int.crt   (RSA chain)
#   ec-end-int.crt  = ec-end.crt + int.crt   (EC chain)
for my $bundle (
    [ 'trusted.crt',    'int.crt',    'root.crt' ],
    [ 'end-int.crt',    'end.crt',    'int.crt'  ],
    [ 'ec-end-int.crt', 'ec-end.crt', 'int.crt'  ],
) {
    my ($target, @parts) = @$bundle;

    # scalar() keeps read_file() in the scalar context it had when the
    # results were joined with the "." operator.
    $t->write_file($target, join '', map { scalar $t->read_file($_) } @parts);
}
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
241
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
242 $t->run_daemon(\&http_daemon, $t);
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
243 $t->run();
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
244
b82ed2061f65 Tests: OCSP stapling tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
245 $t->waitforsocket("127.0.0.1:" . port(8081));
###############################################################################
# Protocol version negotiated by a probe handshake (get_version); compared
# against 0x303 below to decide where the LibreSSL TLSv1.3 TODO markers apply.
my $version = get_version();

# First pass: one handshake per port/key type with the result discarded.
# NOTE(review): presumably this lets the server obtain and cache the OCSP
# responses before the assertions run, with the one-second pause giving it
# time to finish - confirm against the server configuration.
for my $warmup (
	[ 8443, 'RSA' ],
	[ 8443, 'ECDSA' ],
	[ 8444, 'RSA' ],
	[ 8444, 'ECDSA' ],
	[ 8445, 'ECDSA' ],
	[ 8446, 'ECDSA' ],
	[ 8449, 'ECDSA' ],
) {
	staple(@$warmup);
}

sleep 1;

# staple() returns '' when nothing was stapled and '1 <statusType>' when a
# response was; per the 'file' assertions below statusType 1 is the revoked
# case and 0 the good one.
# NOTE(review): staple() also returns undef when the TCP connect times out, so
# the negated assertions cannot tell "no staple" from "no connection" on their
# own; the positive assertions on the same ports cover reachability.

ok(!staple(8443, 'RSA'), 'staple revoked');

TODO: {
	# Marked TODO only for LibreSSL builds that negotiated above TLSv1.2.
	local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
		if $t->has_module('LibreSSL') && $version > 0x303;

	ok(staple(8443, 'ECDSA'), 'staple success');
}

ok(!staple(8444, 'RSA'), 'responder revoked');

TODO: {
	local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
		if $t->has_module('LibreSSL') && $version > 0x303;

	ok(staple(8444, 'ECDSA'), 'responder success');
}

ok(!staple(8445, 'ECDSA'), 'verify - root not trusted');

# Third argument: CA file for the client-side trust store.
ok(staple(8446, 'ECDSA', "$d/int.crt"), 'cert store');

is(staple(8447, 'RSA'), '1 1', 'file revoked');
is(staple(8448, 'ECDSA'), '1 0', 'file success');

ok(!staple(8449, 'ECDSA'), 'ocsp error');

TODO: {
	local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
		if $t->has_module('LibreSSL') && $version > 0x303;

	# Passes only if grep finds no '[crit]' line in the error log.
	# NOTE(review): the test directory path is interpolated unquoted into the
	# shell command.
	like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');
}
###############################################################################
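# Opens a TLS connection to the listener on port($port) with an OCSP status
# request and reports what the server stapled.
#
#   $port    - logical test port, mapped through port()
#   $ciphers - 'RSA' or 'ECDSA'; used as a cipher list on older OpenSSL and on
#              LibreSSL clients, otherwise as a signature-algorithm prefix
#   $ca      - optional CA file passed to CTX_load_verify_locations()
#
# Returns the callback observations joined by a space: '' when no response
# was stapled, '1 <statusType>' when one was.  Returns undef if the TCP
# connect raises or times out; dies if the connection cannot be established
# or if TLS setup or the handshake fails.
sub staple {
	my ($port, $ciphers, $ca) = @_;
	my (@resp);

	# Status callback: records whether a response was present and, if so,
	# the statusType of the first result.  The final push is the last
	# statement, so the callback returns the new element count (true).
	my $staple_cb = sub {
		my ($ssl, $resp) = @_;
		push @resp, !!$resp;
		return 1 unless $resp;
		my $cert = Net::SSLeay::get_peer_certificate($ssl);
		my $certid = eval { Net::SSLeay::OCSP_cert2ids($ssl, $cert) }
			or do { die "no OCSP_CERTID for certificate: $@"; };

		my @res = Net::SSLeay::OCSP_response_results($resp, $certid);
		push @resp, $res[0][2]->{'statusType'};
	};

	my ($s, $connect_error);

	# The alarm bounds only the TCP connect; the TLS handshake further down
	# runs without a timer.
	eval {
		local $SIG{ALRM} = sub { die "timeout\n" };
		local $SIG{PIPE} = sub { die "sigpipe\n" };
		alarm(8);
		$s = IO::Socket::INET->new('127.0.0.1:' . port($port));
		# A failed constructor returns undef and leaves its message in $@;
		# keep it, because a normally completed eval resets $@.
		$connect_error = $@ unless $s;
		alarm(0);
	};
	alarm(0);

	if ($@) {
		log_in("died: $@");
		# Explicit undef rather than a bare return: staple() is called in
		# list context inside ok()/is(), where an empty list would shift
		# the test name into the first argument.
		return undef;
	}

	# Abort with a clear message instead of returning a false value: callers
	# use !staple(...) for the negative cases, so a false return here would
	# look like "nothing stapled".  Without this check an undefined $s would
	# only surface later at fileno()/set_fd with a less useful error.
	die "Can't connect to nginx: $connect_error\n" unless $s;

	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");

	# OpenSSL before 1.0.2, or a library reporting 0x20000000 (the value
	# LibreSSL reports), selects the certificate type through the cipher
	# list; anything else does it through the signature algorithms list.
	my $ssleay = Net::SSLeay::SSLeay();
	if ($ssleay < 0x1000200f || $ssleay == 0x20000000) {
		Net::SSLeay::CTX_set_cipher_list($ctx, $ciphers)
			or die("Failed to set cipher list");
	} else {
		# SSL_CTRL_SET_SIGALGS_LIST
		# Above TLSv1.2 (0x0303) the RSA case is requested as PSS.
		$ciphers = 'PSS' if $ciphers eq 'RSA' && $version > 0x0303;
		Net::SSLeay::CTX_ctrl($ctx, 98, 0, $ciphers . '+SHA256')
			or die("Failed to set sigalgs");
	}

	# The result is not checked and no verify mode is set in this function;
	# with no $ca both arguments are empty strings.
	Net::SSLeay::CTX_load_verify_locations($ctx, $ca || '', '');
	Net::SSLeay::CTX_set_tlsext_status_cb($ctx, $staple_cb);
	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
	Net::SSLeay::set_tlsext_status_type($ssl,
		Net::SSLeay::TLSEXT_STATUSTYPE_ocsp());
	Net::SSLeay::set_fd($ssl, fileno($s));
	Net::SSLeay::connect($ssl) or die("ssl connect");

	# NOTE(review): $ssl and $ctx are not released here; acceptable for a
	# short-lived test process.
	return join ' ', @resp;
}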
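# Performs a plain TLS handshake with the listener on port(8443) and returns
# the negotiated protocol version as reported by Net::SSLeay::version()
# (callers compare it against 0x0303 to detect versions above TLSv1.2).
#
# Returns undef if the TCP connect raises or times out; dies if the
# connection cannot be established or if TLS setup or the handshake fails.
sub get_version {
	my ($s, $connect_error);

	# The alarm bounds only the TCP connect, not the handshake below.
	eval {
		local $SIG{ALRM} = sub { die "timeout\n" };
		local $SIG{PIPE} = sub { die "sigpipe\n" };
		alarm(8);
		$s = IO::Socket::INET->new('127.0.0.1:' . port(8443));
		# A failed constructor returns undef and leaves its message in $@;
		# keep it, because a normally completed eval resets $@.
		$connect_error = $@ unless $s;
		alarm(0);
	};
	alarm(0);

	if ($@) {
		log_in("died: $@");
		return undef;
	}

	# Fail with a clear message; otherwise an undefined $s would only
	# surface later at fileno()/set_fd with a less useful error.
	die "Can't connect to nginx: $connect_error\n" unless $s;

	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
	Net::SSLeay::set_fd($ssl, fileno($s));
	Net::SSLeay::connect($ssl) or die("ssl connect");

	return Net::SSLeay::version($ssl);
}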
###############################################################################
# Minimal OCSP responder stub: listens on 127.0.0.1:port(8081) and answers
# each request with one of two pre-generated DER responses from $d.
# $d and $serial are file-level variables defined outside this function.
sub http_daemon {
	my ($t) = shift;	# accepted for the run_daemon() call; not used below

	my $listener = IO::Socket::INET->new(
		Proto => 'tcp',
		LocalHost => '127.0.0.1:' . port(8081),
		Listen => 5,
		Reuse => 1
	)
		or die "Can't create listening socket: $!\n";

	local $SIG{PIPE} = 'IGNORE';

	CLIENT:
	while (my $client = $listener->accept()) {
		$client->autoflush(1);

		# Collect the request head up to and including the blank line.
		my $request_head = '';
		while (my $line = <$client>) {
			$request_head .= $line;
			last if $line =~ /^\x0d?\x0a?$/;
		}

		# Only requests with a non-empty path after the leading slash are
		# answered; anything else is skipped without a reply.
		my ($encoded) = $request_head =~ m{^\S+\s+/([^ ]+)\s+HTTP}i;
		next CLIENT unless $encoded;

		# The path is the percent-encoded, base64-encoded OCSP request.
		$encoded =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
		my $ocsp_request = decode_base64($encoded);

		# Request data only selects between two fixed file names and never
		# becomes part of the path itself.  A match at offset 0 counts as
		# no match (index() > 0).
		my $fixture = index($ocsp_request, $serial) > 0 ? 'resp' : 'ec-resp';

		# ocsp dummy handler

		# Short pause (0.02 s) before replying.
		select undef, undef, undef, 0.02;

		my $reply_head = join '',
			"HTTP/1.1 200 OK\n",
			"Connection: close\n",
			"Content-Type: application/ocsp-response\n",
			"\n";

		# Slurp the DER file in binary mode.
		open my $fh, '<', "$d/$fixture.der"
			or die "Can't open $fixture.der: $!";
		binmode $fh;
		my $body = do { local $/; <$fh> };
		close $fh;

		print $client $reply_head . $body;
	}
}
###############################################################################