Mercurial > hg > nginx-tests
annotate ssl_reject_handshake.t @ 1752:ba6e24e38f03
Tests: improved stop_daemons() to send signal again.
As was observed, it's possible that a signal to complete a uwsgi daemon
can be ignored while it is starting up, which results in tests hang due
to eternal waiting on child processes termination. Notably, it is seen
when running tests with a high number of prove jobs on a low-profile VM
against nginx with broken modules and/or configuration. To reproduce:
$ TEST_NGINX_GLOBALS=ERROR prove -j16 uwsgi*.t
Inspecting uwsgi under ktrace on FreeBSD confirms that a SIGTERM signal
is ignored at the very beginning of uwsgi startup. It is then replaced
with a default action after listen(), thus waiting until uwsgi is ready
to accept new TCP connections doesn't completely solve the hang window.
The fix is to retry sending a signal some time after waitpid(WNOHANG)
continuously demonstrated no progress with reaping a signaled process.
It is modelled after f13ead27f89c that improved stop() for nginx.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 29 Dec 2021 22:29:23 +0300 |
parents | 5ac6efbe5552 |
children | 2a7fc70900a5 |
rev | line source |
---|---|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_reject_handshake. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
27 eval { IO::Socket::SSL->can_client_sni() or die; }; |
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)->has_daemon('openssl'); |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Name $ssl_server_name; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 listen 127.0.0.1:8081; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 listen 127.0.0.1:8081 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server_name virtual; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server_name virtual1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name virtual2; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->write_file('openssl.conf', <<EOF); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 [ req ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 default_bits = 2048 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 encrypt_key = no |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 distinguished_name = req_distinguished_name |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $d = $t->testdir(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 foreach my $name ('localhost') { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 system('openssl req -x509 -new ' |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . "-config $d/openssl.conf -subj /CN=$name/ " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 . "-out $d/$name.crt -keyout $d/$name.key " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 . ">>$d/openssl.out 2>&1") == 0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 or die "Can't create certificate for $name: $!\n"; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('index.html', ''); |
1693
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
112 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
113 # suppress deprecation warning |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
114 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
115 open OLDERR, ">&", \*STDERR; close STDERR; |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
116 $t->run()->plan(9); |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
117 open STDERR, ">&", \*OLDERR; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # default virtual server rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 like(get('default', 8080), qr/unrecognized name/, 'default rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like(get(undef, 8080), qr/unrecognized name/, 'absent sni rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like(get('virtual', 8080), qr/virtual/, 'virtual accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 # default virtual server rejected - ssl on |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like(get('default', 8081), qr/unrecognized name/, 'default rejected - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like(get('virtual', 8081), qr/virtual/, 'virtual accepted - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 # non-default server "virtual2" rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 like(get('default', 8082), qr/default/, 'default accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 like(get(undef, 8082), qr/200 OK(?!.*X-Name)/is, 'absent sni accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like(get('virtual1', 8082), qr/virtual1/, 'virtual 1 accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 like(get('virtual2', 8082), qr/unrecognized name/, 'virtual 2 rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 sub get { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 my $s = get_ssl_socket($host, $port) or return $@; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 $host = 'localhost' if !defined $host; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my $r = http(<<EOF, socket => $s); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 GET / HTTP/1.0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 Host: $host |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 $s->close(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 return $r; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 sub get_ssl_socket { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 my $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 eval { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 local $SIG{ALRM} = sub { die "timeout\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 alarm(8); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $s = IO::Socket::SSL->new( |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 Proto => 'tcp', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 PeerAddr => '127.0.0.1', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 PeerPort => port($port), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 SSL_hostname => $host, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 SSL_error_trap => sub { die $_[1] }, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 ); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 if ($@) { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 log_in("died: $@"); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 return undef; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 return $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 ############################################################################### |