Mercurial > hg > nginx-tests
annotate stream_ssl_conf_command.t @ 1817:c045fbb98e9a
Tests: revised tests for listen port ranges.
Renumbered testing ports to get more chance to execute when run in parallel.
Relaxed condition to skip tests only when the port range is out of sequence.
Adjacent port numbers out of a specified range aren't crucial to skip tests:
if not in sequence, statistically this will be caught in subsequent runs.
Unsafe tests that use wildcard addresses are moved to a separate file.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 23 Dec 2022 19:20:50 +0400 |
parents | 4baeba0e0da2 |
children | 58951cf933e1 |
rev | line source |
---|---|
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream ssl module, ssl_conf_command. |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 require Net::SSLeay; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 Net::SSLeay::load_error_strings(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::randomize(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 }; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 plan(skip_all => 'Net::SSLeay not installed') if $@; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 ->has_daemon('openssl'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
36 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
37 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; |
1696
4baeba0e0da2
Tests: skip ssl_conf_command tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
38 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
39 |
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 $t->write_file_expand('nginx.conf', <<'EOF'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS%% |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 daemon off; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 events { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1603
diff
changeset
|
50 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1603
diff
changeset
|
51 |
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 listen 127.0.0.1:8443 ssl; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 return OK; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_protocols TLSv1.2; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_session_tickets off; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ssl_conf_command Options SessionTicket; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_prefer_server_ciphers on; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_conf_command Options -ServerPreference; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_certificate localhost.crt; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate_key localhost.key; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_conf_command Certificate override.crt; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 ssl_conf_command PrivateKey override.key; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 EOF |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 $t->write_file('openssl.conf', <<EOF); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 [ req ] |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 default_bits = 2048 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 encrypt_key = no |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 distinguished_name = req_distinguished_name |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 [ req_distinguished_name ] |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 EOF |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 my $d = $t->testdir(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 foreach my $name ('localhost', 'override') { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 system('openssl req -x509 -new ' |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 . "-config $d/openssl.conf -subj /CN=$name/ " |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 . "-out $d/$name.crt -keyout $d/$name.key " |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 . ">>$d/openssl.out 2>&1") == 0 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 or die "Can't create certificate for $name: $!\n"; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
1693
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1692
diff
changeset
|
92 $t->run()->plan(3); |
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 my ($s, $ssl) = get_ssl_socket(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=override/, 'Certificate'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $ses = Net::SSLeay::get_session($ssl); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 ($s, $ssl) = get_ssl_socket(ses => $ses); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ok(Net::SSLeay::session_reused($ssl), 'SessionTicket'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ($s, $ssl) = get_ssl_socket(ciphers => |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 is(Net::SSLeay::get_cipher($ssl), |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 sub get_ssl_socket { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 my (%extra) = @_; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 my $s = IO::Socket::INET->new('127.0.0.1:' . port(8443)); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 Net::SSLeay::set_session($ssl, $extra{ses}) if $extra{ses}; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 Net::SSLeay::set_cipher_list($ssl, $extra{ciphers}) if $extra{ciphers}; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 Net::SSLeay::set_fd($ssl, fileno($s)); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 Net::SSLeay::connect($ssl) or die("ssl connect"); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 return ($s, $ssl); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 ############################################################################### |