Mercurial > hg > nginx-tests
annotate stream_ssl_conf_command.t @ 1689:dbd19195df8a
Tests: adjusted mail_smtp.t "long pipelined" TODO.
Prior to fixed reading with fully filled buffer in 2851e4c7de03 (1.21.0),
test for long pipelined commands leads to connection close by nginx, which
can result in RST and no response seen by the client, notably on win32.
While here, cleaned up permitted smtp_auth methods in that particular server.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 24 May 2021 22:09:54 +0300 |
parents | f3ba4c74de31 |
children | f6795e2e6a4b |
rev | line source |
---|---|
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream ssl module, ssl_conf_command. |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 require Net::SSLeay; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 Net::SSLeay::load_error_strings(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::randomize(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 }; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 plan(skip_all => 'Net::SSLeay not installed') if $@; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 ->has_daemon('openssl'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 $t->write_file_expand('nginx.conf', <<'EOF'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS%% |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 daemon off; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 events { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1603
diff
changeset
|
46 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1603
diff
changeset
|
47 |
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 listen 127.0.0.1:8443 ssl; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 return OK; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_protocols TLSv1.2; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_tickets off; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_conf_command Options SessionTicket; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_prefer_server_ciphers on; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_conf_command Options -ServerPreference; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_certificate localhost.crt; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_certificate_key localhost.key; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 ssl_conf_command Certificate override.crt; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 ssl_conf_command PrivateKey override.key; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 EOF |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 $t->write_file('openssl.conf', <<EOF); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 [ req ] |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 default_bits = 2048 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 encrypt_key = no |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 distinguished_name = req_distinguished_name |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 [ req_distinguished_name ] |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 EOF |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 my $d = $t->testdir(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 foreach my $name ('localhost', 'override') { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 system('openssl req -x509 -new ' |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 . "-config $d/openssl.conf -subj /CN=$name/ " |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 . "-out $d/$name.crt -keyout $d/$name.key " |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 . ">>$d/openssl.out 2>&1") == 0 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 or die "Can't create certificate for $name: $!\n"; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 $t->try_run('no ssl_conf_command')->plan(3); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 my ($s, $ssl) = get_ssl_socket(); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=override/, 'Certificate'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 my $ses = Net::SSLeay::get_session($ssl); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ($s, $ssl) = get_ssl_socket(ses => $ses); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 ok(Net::SSLeay::session_reused($ssl), 'SessionTicket'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 ($s, $ssl) = get_ssl_socket(ciphers => |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 is(Net::SSLeay::get_cipher($ssl), |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 ############################################################################### |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 sub get_ssl_socket { |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 my (%extra) = @_; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 my $s = IO::Socket::INET->new('127.0.0.1:' . port(8443)); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 Net::SSLeay::set_session($ssl, $extra{ses}) if $extra{ses}; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 Net::SSLeay::set_cipher_list($ssl, $extra{ciphers}) if $extra{ciphers}; |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 Net::SSLeay::set_fd($ssl, fileno($s)); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 Net::SSLeay::connect($ssl) or die("ssl connect"); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 return ($s, $ssl); |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 ############################################################################### |