nginx-tests: ssl_certificate

annotate ssl_certificate_perl.t @ 1817:c045fbb98e9a

Tests: revised tests for listen port ranges. Renumbered testing ports to get more chance to execute when run in parallel. Relaxed condition to skip tests only when the port range is out of sequence. Adjacent port numbers out of a specified range aren't crucial to skip tests: if not in sequence, statistically this will be caught in subsequent runs. Unsafe tests that use wildcard addresses are moved to a separate file.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Fri, 23 Dec 2022 19:20:50 +0400
parents	fd440d324700
children	58951cf933e1

rev	line source
1457 80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	1 #!/usr/bin/perl
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	2
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	3 # (C) Sergey Kandaurov
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	4 # (C) Nginx, Inc.
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	5
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	6 # Tests for http ssl module, loading certificates from memory with perl module.
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	7
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	8 ###############################################################################
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	9
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	10 use warnings;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	11 use strict;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	12
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	13 use Test::More;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	14
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	15 BEGIN { use FindBin; chdir($FindBin::Bin); }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	16
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	17 use lib 'lib';
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	18 use Test::Nginx;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	19
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	20 ###############################################################################
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	21
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	22 select STDERR; $\| = 1;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	23 select STDOUT; $\| = 1;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	24
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	25 eval {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	26 require Net::SSLeay;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	27 Net::SSLeay::load_error_strings();
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	28 Net::SSLeay::SSLeay_add_ssl_algorithms();
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	29 Net::SSLeay::randomize();
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	30 };
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	31 plan(skip_all => 'Net::SSLeay not installed') if $@;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	32
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	33 eval {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	34 my $ctx = Net::SSLeay::CTX_new() or die;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	35 my $ssl = Net::SSLeay::new($ctx) or die;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	36 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	37 };
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	38 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	39
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	40 my $t = Test::Nginx->new()->has(qw/http http_ssl perl/)->has_daemon('openssl');
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	41
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	42 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	43 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	44
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	45 $t->write_file_expand('nginx.conf', <<'EOF');
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	46
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	47 %%TEST_GLOBALS%%
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	48
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	49 daemon off;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	50
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	51 events {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	52 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	53
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	54 http {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	55 %%TEST_GLOBALS_HTTP%%
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	56
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	57 perl_set $pem '
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	58 sub {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	59 my $r = shift;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	60 local $/;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	61 my $sni = $r->variable("ssl_server_name");
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	62 open my $fh, "<", "%%TESTDIR%%/$sni.crt";
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	63 my $content = <$fh>;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	64 close $fh;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	65 return $content;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	66 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	67 ';
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	68
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	69 server {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	70 listen 127.0.0.1:8080 ssl;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	71 server_name localhost;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	72
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	73 ssl_certificate data:$pem;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	74 ssl_certificate_key data:$pem;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	75 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	76 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	77
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	78 EOF
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	79
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	80 $t->write_file('openssl.conf', <<EOF);
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	81 [ req ]
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1457 diff changeset	82 default_bits = 2048
1457 80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	83 encrypt_key = no
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	84 distinguished_name = req_distinguished_name
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	85 [ req_distinguished_name ]
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	86 EOF
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	87
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	88 my $d = $t->testdir();
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	89
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	90 foreach my $name ('one', 'two') {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	91 system('openssl req -x509 -new '
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	92 . "-config $d/openssl.conf -subj /CN=$name/ "
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	93 . "-out $d/$name.crt -keyout $d/$name.crt "
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	94 . ">>$d/openssl.out 2>&1") == 0
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	95 or die "Can't create certificate for $name: $!\n";
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	96 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	97
1535 144c6ce732e4 Tests: removed TODO and try_run() checks for legacy versions. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	98 $t->run()->plan(2);
1457 80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	99
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	100 ###############################################################################
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	101
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	102 like(cert('one', 8080), qr/CN=one/, 'certificate');
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	103 like(cert('two', 8080), qr/CN=two/, 'certificate 2');
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	104
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	105 ###############################################################################
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	106
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	107 sub cert {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	108 my ($host, $port) = @_;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	109 my ($s, $ssl) = get_ssl_socket($host, $port) or return;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	110 Net::SSLeay::dump_peer_certificate($ssl);
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	111 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	112
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	113 sub get_ssl_socket {
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	114 my ($host, $port) = @_;
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	115
1621 fd440d324700 Tests: simplified get_ssl_socket() functions that use Net::SSLeay. Sergey Kandaurov <pluknet@nginx.com> parents: 1535 diff changeset	116 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
1457 80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	117 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	118 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	119 Net::SSLeay::set_tlsext_host_name($ssl, $host);
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	120 Net::SSLeay::set_fd($ssl, fileno($s));
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	121 Net::SSLeay::connect($ssl) or die("ssl connect");
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	122 return ($s, $ssl);
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	123 }
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	124
80911c4fe023 Tests: loading "data:..." certificates with perl module. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	125 ###############################################################################

Mercurial > hg > nginx-tests

annotate ssl_certificate_perl.t @ 1817:c045fbb98e9a