Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_verify.t @ 1606:e4e0695552ed
Tests: fixed stream_proxy_ssl_conf_command.t.
The stream_proxy_ssl_conf_command.t test used stream return module
to return the response. Since this ignores actual request, but the
perl test code used http_get(). This might result in the request being
sent after the response is returned and the connection closed by the server,
resulting in RST being generated and no response seen by the client at all.
Fix is to use "stream(...)->read()" instead of http_get(), so
no request is sent at all, eliminating possibility of RST being
generated.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 10 Nov 2020 05:03:29 +0300 |
parents | dbce8fb5f5f8 |
children | f3ba4c74de31 |
rev | line source |
---|---|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for proxy to ssl backend, backend certificate verification. |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
27 ->has_daemon('openssl')->plan(6); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 proxy_ssl on; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl_verify on; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
43 listen 127.0.0.1:8080; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 proxy_pass 127.0.0.1:8086; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 proxy_ssl_name example.com; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl_trusted_certificate 1.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 listen 127.0.0.1:8081; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
52 proxy_pass 127.0.0.1:8086; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 proxy_ssl_name foo.example.com; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_trusted_certificate 1.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
59 listen 127.0.0.1:8082; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass 127.0.0.1:8086; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 proxy_ssl_name no.match.example.com; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_trusted_certificate 1.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
67 listen 127.0.0.1:8083; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
68 proxy_pass 127.0.0.1:8087; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 proxy_ssl_name 2.example.com; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 proxy_ssl_trusted_certificate 2.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
75 listen 127.0.0.1:8084; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
76 proxy_pass 127.0.0.1:8087; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 proxy_ssl_name bad.example.com; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 proxy_ssl_trusted_certificate 2.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
83 listen 127.0.0.1:8085; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 proxy_pass 127.0.0.1:8087; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 proxy_ssl_trusted_certificate 1.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 proxy_ssl_session_reuse off; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
91 listen 127.0.0.1:8086 ssl; |
610
936deb3c4727
Tests: combined multiple stream blocks being invalid since 1.9.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
598
diff
changeset
|
92 proxy_ssl off; |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
93 return OK; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 ssl_certificate 1.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ssl_certificate_key 1.example.com.key; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
100 listen 127.0.0.1:8087 ssl; |
610
936deb3c4727
Tests: combined multiple stream blocks being invalid since 1.9.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
598
diff
changeset
|
101 proxy_ssl off; |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
102 return OK; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ssl_certificate 2.example.com.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ssl_certificate_key 2.example.com.key; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 EOF |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('openssl.1.example.com.conf', <<EOF); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req ] |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 prompt = no |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1453
diff
changeset
|
114 default_bits = 2048 |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 encrypt_key = no |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 distinguished_name = req_distinguished_name |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 x509_extensions = v3_req |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 [ req_distinguished_name ] |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 commonName=no.match.example.com |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 [ v3_req ] |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 subjectAltName = DNS:example.com,DNS:*.example.com |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 EOF |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 $t->write_file('openssl.2.example.com.conf', <<EOF); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 [ req ] |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 prompt = no |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1453
diff
changeset
|
129 default_bits = 2048 |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 encrypt_key = no |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 distinguished_name = req_distinguished_name |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 [ req_distinguished_name ] |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 commonName=2.example.com |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 EOF |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 my $d = $t->testdir(); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 foreach my $name ('1.example.com', '2.example.com') { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
141 . "-config $d/openssl.$name.conf " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
142 . "-out $d/$name.crt -keyout $d/$name.key " |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 . ">>$d/openssl.out 2>&1") == 0 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 or die "Can't create certificate for $name: $!\n"; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
1260
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
147 sleep 1 if $^O eq 'MSWin32'; |
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
148 |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 $t->run(); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 # subjectAltName |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
155 is(get(8080), 'OK', 'verify'); |
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
156 is(get(8081), 'OK', 'verify wildcard'); |
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
157 isnt(get(8082), 'OK', 'verify fail'); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 # commonName |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
161 is(get(8083), 'OK', 'verify cn'); |
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
162 isnt(get(8084), 'OK', 'verify cn fail'); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 # untrusted |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
166 isnt(get(8085), 'OK', 'untrusted'); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
892
0c64f87aa689
Tests: guard stream_proxy_ssl_verify.t tests against undef.
Sergey Kandaurov <pluknet@nginx.com>
parents:
891
diff
changeset
|
170 sub get { |
1453
6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
171 stream('127.0.0.1:' . port(shift))->read(); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 ############################################################################### |