Mercurial > hg > nginx-tests
annotate stream_ssl_conf_command.t @ 1606:e4e0695552ed
Tests: fixed stream_proxy_ssl_conf_command.t.
The stream_proxy_ssl_conf_command.t test used stream return module
to return the response. Since this ignores actual request, but the
perl test code used http_get(). This might result in the request being
sent after the response is returned and the connection closed by the server,
resulting in RST being generated and no response seen by the client at all.
Fix is to use "stream(...)->read()" instead of http_get(), so
no request is sent at all, eliminating possibility of RST being
generated.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 10 Nov 2020 05:03:29 +0300 |
| parents | 8d2d37a4b48e |
| children | f3ba4c74de31 |
| rev | line source |
|---|---|
|
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream ssl module, ssl_conf_command. |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 require Net::SSLeay; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 Net::SSLeay::load_error_strings(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::randomize(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 }; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 plan(skip_all => 'Net::SSLeay not installed') if $@; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 ->has_daemon('openssl'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS%% |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 daemon off; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 events { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 stream { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8443 ssl; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 return OK; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_protocols TLSv1.2; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_session_tickets off; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_conf_command Options SessionTicket; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_prefer_server_ciphers on; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_conf_command Options -ServerPreference; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ssl_certificate localhost.crt; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 ssl_certificate_key localhost.key; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_conf_command Certificate override.crt; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_conf_command PrivateKey override.key; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 EOF |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 $t->write_file('openssl.conf', <<EOF); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 [ req ] |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 default_bits = 2048 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 encrypt_key = no |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 distinguished_name = req_distinguished_name |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 [ req_distinguished_name ] |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 EOF |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 my $d = $t->testdir(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 foreach my $name ('localhost', 'override') { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 system('openssl req -x509 -new ' |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 . "-out $d/$name.crt -keyout $d/$name.key " |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 . ">>$d/openssl.out 2>&1") == 0 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 or die "Can't create certificate for $name: $!\n"; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 $t->try_run('no ssl_conf_command')->plan(3); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 my ($s, $ssl) = get_ssl_socket(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=override/, 'Certificate'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $ses = Net::SSLeay::get_session($ssl); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ($s, $ssl) = get_ssl_socket(ses => $ses); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 ok(Net::SSLeay::session_reused($ssl), 'SessionTicket'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 ($s, $ssl) = get_ssl_socket(ciphers => |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 is(Net::SSLeay::get_cipher($ssl), |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 sub get_ssl_socket { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 my (%extra) = @_; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 my $s = IO::Socket::INET->new('127.0.0.1:' . port(8443)); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 Net::SSLeay::set_session($ssl, $extra{ses}) if $extra{ses}; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 Net::SSLeay::set_cipher_list($ssl, $extra{ciphers}) if $extra{ciphers}; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 Net::SSLeay::set_fd($ssl, fileno($s)); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 Net::SSLeay::connect($ssl) or die("ssl connect"); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 return ($s, $ssl); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 ############################################################################### |