Mercurial > hg > nginx-tests

annotate stream_proxy_ssl_certificate.t @ 1585:bff287fbf347

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: added proxy_cookie_domain/path tests with "off" parameter.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 23 Jul 2020 12:17:39 +0300
parents dbce8fb5f5f8
children f3ba4c74de31
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for stream proxy module with proxy certificate to ssl backend.
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives.
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use warnings;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12 use strict;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 use Test::More;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use lib 'lib';
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDERR; $| = 1;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDOUT; $| = 1;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/)
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 ->has_daemon('openssl')->plan(5);
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29 $t->write_file_expand('nginx.conf', <<'EOF');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31 %%TEST_GLOBALS%%
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 daemon off;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 events {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 stream {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 proxy_ssl on;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 proxy_ssl_session_reuse off;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
43 listen 127.0.0.1:8082;
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
44 proxy_pass 127.0.0.1:8080;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 proxy_ssl_certificate 1.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 proxy_ssl_certificate_key 1.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
51 listen 127.0.0.1:8083;
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
52 proxy_pass 127.0.0.1:8080;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 proxy_ssl_certificate 2.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 proxy_ssl_certificate_key 2.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
59 listen 127.0.0.1:8084;
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
60 proxy_pass 127.0.0.1:8081;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 proxy_ssl_certificate 3.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 proxy_ssl_certificate_key 3.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64 proxy_ssl_password_file password;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68 http {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 %%TEST_GLOBALS_HTTP%%
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
72 listen 127.0.0.1:8080 ssl;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 server_name localhost;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 ssl_certificate 2.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 ssl_certificate_key 2.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 ssl_verify_client optional_no_ca;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 ssl_trusted_certificate 1.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 location / {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 add_header X-Verify $ssl_client_verify;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 add_header X-Name $ssl_client_s_dn;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
88 listen 127.0.0.1:8081 ssl;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 server_name localhost;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 ssl_certificate 1.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 ssl_certificate_key 1.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 ssl_verify_client optional_no_ca;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 ssl_trusted_certificate 3.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 location / {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 add_header X-Verify $ssl_client_verify;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 EOF
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 $t->write_file('openssl.conf', <<EOF);
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1260
diff changeset
107 default_bits = 2048
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 encrypt_key = no
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 distinguished_name = req_distinguished_name
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 [ req_distinguished_name ]
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 EOF
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 my $d = $t->testdir();
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 foreach my $name ('1.example.com', '2.example.com') {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
117 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
118 . "-out $d/$name.crt -keyout $d/$name.key "
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 . ">>$d/openssl.out 2>&1") == 0
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 or die "Can't create certificate for $name: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 foreach my $name ('3.example.com') {
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
124 system("openssl genrsa -out $d/$name.key -passout pass:$name "
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1260
diff changeset
125 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 or die "Can't create private key: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
128 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
129 . "-out $d/$name.crt "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
130 . "-key $d/$name.key -passin pass:$name"
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131 . ">>$d/openssl.out 2>&1") == 0
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 or die "Can't create certificate for $name: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134
1260
eadd24ccfda1 Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
135 sleep 1 if $^O eq 'MSWin32';
eadd24ccfda1 Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
136
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137 $t->write_file('password', '3.example.com');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 $t->write_file('index.html', '');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140 $t->run();
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
144 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))),
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
145 qr/X-Verify: SUCCESS/ms, 'verify certificate');
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
146 like(http_get('/', socket => getconn('127.0.0.1:' . port(8083))),
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
147 qr/X-Verify: FAILED/ms, 'fail certificate');
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
148 like(http_get('/', socket => getconn('127.0.0.1:' . port(8084))),
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
149 qr/X-Verify: SUCCESS/ms, 'with encrypted key');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
150
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
151 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))),
1069
1b11a12be179 Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
152 qr!X-Name: /?CN=1.example!, 'valid certificate');
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
153 unlike(http_get('/', socket => getconn('127.0.0.1:' . port(8083))),
1069
1b11a12be179 Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
154 qr!X-Name: /?CN=1.example!, 'invalid certificate');
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
156 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
157
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
158 sub getconn {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
159 my $peer = shift;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
160 my $s = IO::Socket::INET->new(
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
161 Proto => 'tcp',
952
e9064d691790 Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 644
diff changeset
162 PeerAddr => $peer
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
163 )
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
164 or die "Can't connect to nginx: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
165
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
166 return $s;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
167 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
168
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
169 ###############################################################################