Mercurial > hg > nginx-tests
annotate ssl_engine_keys.t @ 1752:ba6e24e38f03
Tests: improved stop_daemons() to send signal again.
As was observed, it's possible that a signal to complete a uwsgi daemon
can be ignored while it is starting up, which results in tests hang due
to eternal waiting on child processes termination. Notably, it is seen
when running tests with a high number of prove jobs on a low-profile VM
against nginx with broken modules and/or configuration. To reproduce:
$ TEST_NGINX_GLOBALS=ERROR prove -j16 uwsgi*.t
Inspecting uwsgi under ktrace on FreeBSD confirms that a SIGTERM signal
is ignored at the very beginning of uwsgi startup. It is then replaced
with a default action after listen(), thus waiting until uwsgi is ready
to accept new TCP connections doesn't completely solve the hang window.
The fix is to retry sending a signal some time after waitpid(WNOHANG)
continuously demonstrated no progress with reaping a signaled process.
It is modelled after f13ead27f89c that improved stop() for nginx.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 29 Dec 2021 22:29:23 +0300 |
| parents | 7f09d144d15c |
| children |
| rev | line source |
|---|---|
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, loading "engine:..." keys. |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 plan(skip_all => 'win32') if $^O eq 'MSWin32'; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 plan(skip_all => 'may not work, leaves coredump') |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 unless $ENV{TEST_NGINX_UNSAFE}; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
|
914
3ac4036b139d
Tests: fixed proxy prerequisites.
Sergey Kandaurov <pluknet@nginx.com>
parents:
568
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
31 ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool')->plan(2); |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
46 listen 127.0.0.1:8081 ssl; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
47 listen 127.0.0.1:8080; |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
|
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
50 ssl_certificate localhost.crt; |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
51 ssl_certificate_key engine:pkcs11:id_00; |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 location / { |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 # index index.html by default |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
|
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
56 |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 location /proxy { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
|
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
60 |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
61 location /var { |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
62 proxy_pass https://127.0.0.1:8082/; |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
63 proxy_ssl_name localhost; |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
64 proxy_ssl_server_name on; |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
65 } |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
66 } |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
67 |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
68 server { |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
69 listen 127.0.0.1:8082 ssl; |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
70 server_name localhost; |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
71 |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
72 ssl_certificate $ssl_server_name.crt; |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
73 ssl_certificate_key engine:pkcs11:id_00; |
|
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
74 |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
75 location / { |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
76 # index index.html by default |
|
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
77 } |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 } |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 } |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 EOF |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 # Create a SoftHSM token with a secret key, and configure OpenSSL |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 # to access it using the pkcs11 engine, see detailed example |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # posted by Dmitrii Pichulin here: |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # Note that library paths may differ on different systems, |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # and may need to be adjusted. |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 $t->write_file('openssl.conf', <<EOF); |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 openssl_conf = openssl_def |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 [openssl_def] |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 engines = engine_section |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [engine_section] |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 pkcs11 = pkcs11_section |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 [pkcs11_section] |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 engine_id = pkcs11 |
|
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
103 dynamic_path = /usr/local/lib/engines/pkcs11.so |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm2.so |
|
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
105 init = 1 |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 PIN = 1234 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1446
diff
changeset
|
109 default_bits = 2048 |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 encrypt_key = no |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 distinguished_name = req_distinguished_name |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 EOF |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 my $d = $t->testdir(); |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
117 $t->write_file('softhsm2.conf', <<EOF); |
|
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
118 directories.tokendir = $d/tokens/ |
|
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
119 objectstore.backend = file |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
122 mkdir($d . '/tokens'); |
|
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
123 |
|
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
124 $ENV{SOFTHSM2_CONF} = "$d/softhsm2.conf"; |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 $ENV{OPENSSL_CONF} = "$d/openssl.conf"; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 foreach my $name ('localhost') { |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
128 system('softhsm2-util --init-token --slot 0 --label NginxZero ' |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 . '--pin 1234 --so-pin 1234 ' |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 . ">>$d/openssl.out 2>&1"); |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
132 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so ' |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1446
diff
changeset
|
133 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . ">>$d/openssl.out 2>&1"); |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
|
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
136 system('openssl req -x509 -new ' |
|
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
137 . "-subj /CN=$name/ -out $d/$name.crt -text " |
|
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
138 . "-engine pkcs11 -keyform engine -key id_00 " |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 . ">>$d/openssl.out 2>&1") == 0 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 or die "Can't create certificate for $name: $!\n"; |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 } |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
|
1535
144c6ce732e4
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
143 $t->run(); |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 $t->write_file('index.html', ''); |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 like(http_get('/proxy'), qr/200 OK/, 'ssl engine keys'); |
|
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
150 like(http_get('/var'), qr/200 OK/, 'ssl_certificate with variable'); |
|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
|
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 ############################################################################### |