annotate ssl_verify_depth.t @ 1606:e4e0695552ed

Tests: fixed stream_proxy_ssl_conf_command.t. The stream_proxy_ssl_conf_command.t test used the stream return module to return the response. The return module ignores the actual request, but the perl test code used http_get(). This might result in the request being sent after the response is returned and the connection closed by the server, resulting in RST being generated and no response seen by the client at all. The fix is to use "stream(...)->read()" instead of http_get(), so no request is sent at all, eliminating the possibility of RST being generated.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 10 Nov 2020 05:03:29 +0300
parents aa5a61d1254b
children bad6aa24ec10
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http ssl module, ssl_verify_depth.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19
20 ###############################################################################
21
# Turn on autoflush for STDERR and then for STDOUT; STDOUT is left as the
# currently selected handle.
select STDERR;
$| = 1;
select STDOUT;
$| = 1;

# The TLS client in this test is IO::Socket::SSL.  Skip the whole file when
# the module cannot be loaded, or when calling SSL_VERIFY_NONE() fails
# (reported as "too old").
eval { require IO::Socket::SSL; 1 }
    or plan(skip_all => 'IO::Socket::SSL not installed');
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); 1 }
    or plan(skip_all => 'IO::Socket::SSL too old');

# Test harness object.  The has()/has_daemon() calls name the nginx modules
# (http, http_ssl) and the external binary (openssl) this file depends on --
# presumably the harness skips the test when one is unavailable; confirm in
# Test::Nginx.  Two assertions are planned.
my $t = Test::Nginx->new()
    ->has(qw/http http_ssl/)
    ->has_daemon('openssl')
    ->plan(2);
32
# nginx configuration under test.
#
# Client-certificate verification is configured once at the http level and
# inherited by both servers: a client certificate is mandatory
# (ssl_verify_client on) and root.crt is the only trust anchor
# (ssl_client_certificate).
#
# The two servers differ only in the chain depth they accept:
#   - 8080 sets ssl_verify_depth 3;
#   - 8081 sets nothing and therefore runs with nginx's default depth
#     (1, per the nginx documentation).
#
# X-Verify exposes $ssl_client_verify to the test client.  "always" makes
# add_header apply to every response code -- presumably required here because
# a client certificate that fails verification gets an error response rather
# than the requested file.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    ssl_certificate_key localhost.key;
    ssl_certificate localhost.crt;

    ssl_verify_client on;
    ssl_client_certificate root.crt;

    add_header X-Verify $ssl_client_verify always;

    server {
        listen 127.0.0.1:8080 ssl;
        server_name localhost;
        ssl_verify_depth 3;
    }

    server {
        listen 127.0.0.1:8081 ssl;
        server_name localhost;
    }
}

EOF
66
# Test working directory as reported by the harness; interpolated into
# ca.conf below and into every openssl command line later in the file.
my $d = $t->testdir();

# Defaults for "openssl req": 2048-bit keys, private keys written without a
# passphrase (encrypt_key = no), and an empty distinguished-name section
# (the subject is passed with -subj on each command line).
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Minimal CA definition for "openssl ca".  Issued certificates and the CA
# state files (certindex, certserial) are kept in the test directory,
# signatures use SHA-256, and certificates are valid for one day.
#
# myca_extensions marks every certificate issued through this config as a CA
# (basicConstraints critical, CA:TRUE).  The intermediates need that in order
# to sign further certificates; the leaf gets it as well, which is fine for a
# throwaway test chain but is not a pattern for a real PKI.
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca

[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 1
x509_extensions = myca_extensions

[ myca_policy ]
commonName = supplied

[ myca_extensions ]
basicConstraints = critical,CA:TRUE
EOF
96
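# Build the certificate material used by the test:
#
#   root (self-signed trust anchor) -> int -> int2 -> end (client leaf)
#   localhost (self-signed server certificate)
#
# Every command goes through the shell because its output is appended to
# openssl.out with a redirection.  The interpolated values are the harness
# test directory and names fixed in this file, not external input.

# Describe why the most recent system() call failed.  system() sets $! only
# when the command could not be started at all (return value -1); a command
# that ran and failed reports through $? instead, so printing $! alone would
# show an unrelated, stale error.
my $openssl_failure = sub {
    return "$!" if $? == -1;
    return 'command killed by signal ' . ($? & 127) if $? & 127;
    return 'command exited with status ' . ($? >> 8);
};

# Self-signed certificates with fresh keys.
foreach my $name ('root', 'localhost') {
    system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . $openssl_failure->() . "\n";
}

# Keys and certificate signing requests for the two intermediates and the
# client leaf.
foreach my $name ('int', 'int2', 'end') {
    system("openssl req -new "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.csr -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . $openssl_failure->() . "\n";
}

# State files that ca.conf points "openssl ca" at (serial and database).
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');

# Sign the requests top-down, each with the key and certificate of its issuer.
# The resulting client chain is end (depth 0), int2 (1), int (2), root (3).
foreach my $link (['root', 'int'], ['int', 'int2'], ['int2', 'end']) {
    my ($issuer, $name) = @$link;

    system("openssl ca -batch -config $d/ca.conf "
        . "-keyfile $d/$issuer.key -cert $d/$issuer.crt "
        . "-subj /CN=$name/ -in $d/$name.csr -out $d/$name.crt "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't sign certificate for $name: "
            . $openssl_failure->() . "\n";
}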
133
# Client credentials: the leaf first, then both intermediates, so the client
# can present everything below the root in one file.
#
# NOTE(review): client.key also receives the private keys of the two
# intermediate CAs; presumably only the first key in the file is used by the
# client.  Harmless for throwaway test material, but a real client bundle
# should never contain CA private keys.
my @bundle = ('end', 'int', 'int2');

$t->write_file('client.key',
    join('', map { scalar $t->read_file("$_.key") } @bundle));
$t->write_file('client.crt',
    join('', map { scalar $t->read_file("$_.crt") } @bundle));

# Empty file requested as /t by get().
$t->write_file('t', '');
$t->run();

###############################################################################

# The same client chain is presented to both servers.  With
# ssl_verify_depth 3 (port 8080) verification is expected to succeed; with
# the default depth (port 8081) it is expected to fail.  Both results are
# read from the X-Verify response header.
like(get(8080, 'client'), qr/SUCCESS/, 'verify depth');
like(get(8081, 'client'), qr/FAILED/, 'verify depth limited');
146
147 ###############################################################################
148
# Request /t over TLS from the server on $port, authenticating with the
# certificate/key pair named $cert.
#
# Returns whatever http_get() returns for the request, or nothing when the
# TLS connection could not be established.
sub get {
    my ($port, $cert) = @_;

    my $sock = get_ssl_socket($port, $cert);
    return unless $sock;

    return http_get('/t', socket => $sock);
}
154
# Open a TLS connection to 127.0.0.1 on the harness port for $port, presenting
# "$d/$cert.crt" and "$d/$cert.key" as the client certificate and key.
#
# Returns the IO::Socket::SSL object, or undef when the attempt died (timeout,
# SIGPIPE, or an error raised through SSL_error_trap); the reason is passed to
# log_in().  The result is also undef when new() fails without dying.
sub get_ssl_socket {
    my ($port, $cert) = @_;
    my $sock;

    eval {
        # Turn a stalled handshake or a broken pipe into an exception.
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };
        alarm(8);

        $sock = IO::Socket::SSL->new(
            Proto    => 'tcp',
            PeerAddr => '127.0.0.1',
            PeerPort => port($port),

            # The client does not verify the server certificate: the server
            # uses the self-signed 'localhost' certificate, and the test is
            # about the server verifying the client chain.  Test-only setting.
            SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),

            SSL_cert_file => "$d/$cert.crt",
            SSL_key_file  => "$d/$cert.key",

            # Raise the second callback argument (presumably the error text)
            # so that the failure is caught by the surrounding eval.
            SSL_error_trap => sub { die $_[1] }
        );

        alarm(0);
    };

    # Cancel the timer as well when the eval was left through die.
    alarm(0);

    return $sock unless $@;

    log_in("died: $@");
    return undef;
}
183
184 ###############################################################################