nginx-tests: ssl.t annotate

annotate ssl.t @ 1938:e1059682aeef

Tests: fixed ClientHello with resending Initial QUIC packets. Previously it was rebuilt each time using distinct ClientHello.random resulting in different CRYPTO payload. As such, it led to TLS digest hash and derived secrets mismatch when resending Initial packet. Now ClientHello is built once and reused when resending Initial packets. Additionally, this required to preserve a generated secret value used in shared secret calculation as part of TLS key schedule. Previously it was regenerated when receiving a Retry packet, but this won't work with reused ClientHello as the resulting shared secrets won't match.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Wed, 30 Aug 2023 02:22:58 +0400
parents	a797d7428fa5
children	0b5ec15c62ed

rev	line source
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	1 #!/usr/bin/perl
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	2
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	3 # (C) Sergey Kandaurov
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	4 # (C) Andrey Zelenkov
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	5 # (C) Nginx, Inc.
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	6
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	7 # Tests for http ssl module.
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	8
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	9 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	10
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	11 use warnings;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	12 use strict;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	13
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	14 use Test::More;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	15
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	16 use Socket qw/ CRLF /;
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	17 use IO::Select;
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	18
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	19 BEGIN { use FindBin; chdir($FindBin::Bin); }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	20
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	21 use lib 'lib';
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	22 use Test::Nginx;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	23
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	24 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	25
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	26 select STDERR; $\| = 1;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	27 select STDOUT; $\| = 1;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	28
1858 cdcd75657e52 Tests: added has_feature() tests for IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1830 diff changeset	29 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy socket_ssl/)
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	30 ->has_daemon('openssl')->plan(21);
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	31
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	32 $t->write_file_expand('nginx.conf', <<'EOF');
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	33
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	34 %%TEST_GLOBALS%%
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	35
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	36 daemon off;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	37
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	38 events {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	39 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	40
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	41 http {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	42 %%TEST_GLOBALS_HTTP%%
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	43
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	44 ssl_certificate_key localhost.key;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	45 ssl_certificate localhost.crt;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	46
1675 0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	47 log_format ssl $ssl_protocol;
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	48
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	49 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	50 listen 127.0.0.1:8085 ssl;
882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	51 listen 127.0.0.1:8080;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	52 server_name localhost;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	53
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	54 ssl_certificate_key inner.key;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	55 ssl_certificate inner.crt;
503 071e8941e3bf Tests: reduce shared memory zone sizes. Maxim Dounin <mdounin@mdounin.ru> parents: 430 diff changeset	56 ssl_session_cache shared:SSL:1m;
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	57 ssl_session_tickets on;
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	58 ssl_verify_client optional_no_ca;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	59
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	60 keepalive_requests 1000;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	61
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	62 location / {
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	63 return 200 "body $ssl_session_reused";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	64 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	65 location /id {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	66 return 200 "body $ssl_session_id";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	67 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	68 location /cipher {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	69 return 200 "body $ssl_cipher";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	70 }
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	71 location /ciphers {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	72 return 200 "body $ssl_ciphers";
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	73 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	74 location /client_verify {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	75 return 200 "body $ssl_client_verify";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	76 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	77 location /protocol {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	78 return 200 "body $ssl_protocol";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	79 }
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	80 location /issuer {
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	81 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy";
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	82 }
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	83 location /subject {
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	84 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy";
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	85 }
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	86 location /time {
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	87 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
1094 dd8f126afa32 Tests: client certificate time variables tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 1093 diff changeset	88 }
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	89
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	90 location /body {
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	91 add_header X-Body $request_body always;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	92 proxy_pass http://127.0.0.1:8080/;
1675 0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	93
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	94 access_log %%TESTDIR%%/ssl.log ssl;
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	95 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	96 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	97
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	98 server {
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	99 listen 127.0.0.1:8086 ssl;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	100 server_name localhost;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	101
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	102 ssl_session_cache shared:SSL:1m;
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	103 ssl_session_tickets on;
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	104 ssl_session_timeout 1;
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	105
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	106 location / {
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	107 return 200 "body $ssl_session_reused";
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	108 }
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	109 }
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	110 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	111
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	112 EOF
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	113
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	114 $t->write_file('openssl.conf', <<EOF);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	115 [ req ]
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1478 diff changeset	116 default_bits = 2048
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	117 encrypt_key = no
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	118 distinguished_name = req_distinguished_name
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	119 [ req_distinguished_name ]
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	120 EOF
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	121
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	122 my $d = $t->testdir();
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	123
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	124 $t->write_file('ca.conf', <<EOF);
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	125 [ ca ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	126 default_ca = myca
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	127
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	128 [ myca ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	129 new_certs_dir = $d
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	130 database = $d/certindex
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1478 diff changeset	131 default_md = sha256
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	132 policy = myca_policy
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	133 serial = $d/certserial
1094 dd8f126afa32 Tests: client certificate time variables tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 1093 diff changeset	134 default_days = 3
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	135
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	136 [ myca_policy ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	137 commonName = supplied
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	138 EOF
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	139
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	140 $t->write_file('certserial', '1000');
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	141 $t->write_file('certindex', '');
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	142
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	143 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	144 . "-config $d/openssl.conf -subj /CN=issuer/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	145 . "-out $d/issuer.crt -keyout $d/issuer.key "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	146 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	147 or die "Can't create certificate for issuer: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	148
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	149 system("openssl req -new "
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	150 . "-config $d/openssl.conf -subj /CN=subject/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	151 . "-out $d/subject.csr -keyout $d/subject.key "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	152 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	153 or die "Can't create certificate for subject: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	154
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	155 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	156 . "-keyfile $d/issuer.key -cert $d/issuer.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	157 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	158 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	159 or die "Can't sign certificate for subject: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	160
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	161 foreach my $name ('localhost', 'inner') {
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	162 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	163 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	164 . "-out $d/$name.crt -keyout $d/$name.key "
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	165 . ">>$d/openssl.out 2>&1") == 0
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	166 or die "Can't create certificate for $name: $!\n";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	167 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	168
1139 e7e968e3eb74 Tests: split ssl.t to run relevant tests on stable versions again. Sergey Kandaurov <pluknet@nginx.com> parents: 1132 diff changeset	169 $t->run();
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	170
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	171 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	172
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	173 # ssl session reuse
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	174
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	175 my $ctx = get_ssl_context();
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	176
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	177 like(get('/', 8085, $ctx), qr/^body \.$/m, 'session');
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	178
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	179 TODO: {
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	180 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay'
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	181 if $Net::SSLeay::VERSION < 1.88 && test_tls13();
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	182 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	183 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
1830 8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	184 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	185 if $t->has_module('LibreSSL') && test_tls13();
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	186
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	187 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	188
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	189 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	190
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	191 # ssl certificate inheritance
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	192
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	193 my $s = get_ssl_socket(8086);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	194 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	195
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	196 $s = get_ssl_socket(8085);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	197 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner');
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	198
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	199 # session timeout
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	200
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	201 $ctx = get_ssl_context();
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	202
666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	203 get('/', 8086, $ctx);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	204 select undef, undef, undef, 2.1;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	205
1655 666d54ab5036 Tests: ssl_session_timeout fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 1608 diff changeset	206 like(get('/', 8086, $ctx), qr/^body \.$/m, 'session timeout');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	207
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	208 # embedded variables
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	209
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	210 $ctx = get_ssl_context();
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	211 like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id');
1830 8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	212
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	213 TODO: {
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	214 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	215 if $t->has_module('LibreSSL') && test_tls13();
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	216 local $TODO = 'no TLSv1.3 sessions ids in BoringSSL'
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	217 if $t->has_module('BoringSSL') && test_tls13();
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	218
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	219 like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused');
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	220
1830 8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	221 }
8dec885fa3da Tests: LibreSSL and BoringSSL session reuse with TLSv1.3. Maxim Dounin <mdounin@mdounin.ru> parents: 1829 diff changeset	222
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	223 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	224
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	225 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	226
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	227 SKIP: {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	228 skip 'BoringSSL', 1 if $t->has_module('BoringSSL');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	229
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	230 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	231
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	232 }
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	233
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	234 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify');
4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	235 like(get('/protocol', 8085), qr/^body (TLS\|SSL)v(\d\|\.)+$/m, 'protocol');
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	236 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer');
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	237 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject');
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	238 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
1139 e7e968e3eb74 Tests: split ssl.t to run relevant tests on stable versions again. Sergey Kandaurov <pluknet@nginx.com> parents: 1132 diff changeset	239
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	240 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	241
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	242 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/,
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	243 'request body chunked');
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	244
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	245 # pipelined requests
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	246
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	247 $s = get_ssl_socket(8085);
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	248 my $req = <<EOF;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	249 GET / HTTP/1.1
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	250 Host: localhost
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	251
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	252 EOF
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	253
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	254 $req x= 1000;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	255
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	256 my $r = http($req, socket => $s) \|\| "";
1820 84b6bb8d74e5 Tests: speedup lingering close with request pipelining. Sergey Kandaurov <pluknet@nginx.com> parents: 1748 diff changeset	257 $s = undef;
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	258 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests');
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	259
1723 3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	260 # OpenSSL 3.0 error "unexpected eof while reading" seen as a critical error
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	261
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	262 ok(get_ssl_socket(8085), 'ssl unexpected eof');
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	263
1608 2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	264 # close_notify is sent before lingering close
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	265
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	266 is(get_ssl_shutdown(8085), 1, 'ssl shutdown on lingering close');
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	267
1675 0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	268 $t->stop();
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	269
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	270 like($t->read_file('ssl.log'), qr/^(TLS\|SSL)v(\d\|\.)+$/m,
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	271 'log ssl variable on lingering close');
0d1cec688111 Tests: logging ssl variables with lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1655 diff changeset	272
1723 3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	273 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');
3581dc3c1937 Tests: added ssl test for "unexpected eof while reading". Sergey Kandaurov <pluknet@nginx.com> parents: 1695 diff changeset	274
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	275 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	276
1829 a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	277 sub test_tls13 {
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	278 return get('/protocol', 8085) =~ /TLSv1.3/;
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	279 }
a78c32419f02 Tests: separate SSL session reuse tests. Maxim Dounin <mdounin@mdounin.ru> parents: 1820 diff changeset	280
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	281 sub get {
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	282 my ($uri, $port, $ctx, %extra) = @_;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	283 my $s = get_ssl_socket($port, $ctx, %extra) or return;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	284 return http_get($uri, socket => $s);
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	285 }
4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	286
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	287 sub get_body {
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	288 my ($uri, $body, $len, $n) = @_;
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	289 my $s = get_ssl_socket(8085) or return;
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	290 http("GET /body HTTP/1.1" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	291 . "Host: localhost" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	292 . "Connection: close" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	293 . "Transfer-Encoding: chunked" . CRLF . CRLF,
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	294 socket => $s, start => 1);
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	295 my $chs = unpack("H", pack("C", length($body) $len));
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	296 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1)
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	297 for 1 .. $n;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	298 my $r = http("0" . CRLF . CRLF, socket => $s);
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	299 return $r;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	300 }
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	301
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	302 sub cert {
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	303 my ($uri, $port) = @_;
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	304 return get(
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	305 $uri, $port, undef,
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	306 SSL_cert_file => "$d/subject.crt",
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	307 SSL_key_file => "$d/subject.key"
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	308 );
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	309 }
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	310
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	311 sub get_ssl_context {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	312 return IO::Socket::SSL::SSL_Context->new(
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	313 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	314 SSL_session_cache_size => 100
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	315 );
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	316 }
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	317
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	318 sub get_ssl_socket {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	319 my ($port, $ctx, %extra) = @_;
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	320 return http(
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	321 '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	322 SSL => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	323 SSL_reuse_ctx => $ctx,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	324 %extra
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	325 );
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	326 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	327
1608 2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	328 sub get_ssl_shutdown {
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	329 my ($port) = @_;
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	330
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	331 my $s = http(
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	332 'GET /' . CRLF . 'extra',
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	333 PeerAddr => '127.0.0.1:' . port($port), start => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	334 SSL => 1
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	335 );
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	336
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	337 $s->blocking(0);
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	338 while (IO::Select->new($s)->can_read(8)) {
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	339 my $n = $s->sysread(my $buf, 16384);
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	340 next if !defined $n && $!{EWOULDBLOCK};
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	341 last;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	342 }
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	343 $s->blocking(1);
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	344
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	345 return $s->stop_SSL();
1608 2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	346 }
2f00ed2e0d1a Tests: added test for SSL shutdown on lingering close. Sergey Kandaurov <pluknet@nginx.com> parents: 1552 diff changeset	347
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	348 ###############################################################################

Mercurial > hg > nginx-tests

annotate ssl.t @ 1938:e1059682aeef