Mercurial > hg > nginx-tests
annotate stream_upstream_zone_ssl.t @ 1606:e4e0695552ed
Tests: fixed stream_proxy_ssl_conf_command.t.
The stream_proxy_ssl_conf_command.t test used stream return module
to return the response. Since this ignores actual request, but the
perl test code used http_get(). This might result in the request being
sent after the response is returned and the connection closed by the server,
resulting in RST being generated and no response seen by the client at all.
Fix is to use "stream(...)->read()" instead of http_get(), so
no request is sent at all, eliminating possibility of RST being
generated.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 10 Nov 2020 05:03:29 +0300 |
parents | dbce8fb5f5f8 |
children | f3ba4c74de31 |
rev | line source |
---|---|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for upstream zone with ssl backend. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
27 ->has(qw/stream_upstream_zone/)->has_daemon('openssl')->plan(9); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 proxy_ssl on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl_session_reuse on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 upstream u { |
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
43 zone u 1m; |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 server 127.0.0.1:8084; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 upstream u2 { |
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
48 zone u2 1m; |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
49 server 127.0.0.1:8084 backup; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 server 127.0.0.1:8085 down; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 listen 127.0.0.1:8080; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_pass u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 listen 127.0.0.1:8081; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_pass u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
65 listen 127.0.0.1:8082; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 proxy_pass u2; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
71 listen 127.0.0.1:8083; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_pass u2; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server { |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
76 listen 127.0.0.1:8084 ssl; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
77 return $ssl_session_reused; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_certificate_key localhost.key; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_certificate localhost.crt; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_session_cache builtin; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 $t->write_file('openssl.conf', <<EOF); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1381
diff
changeset
|
89 default_bits = 2048 |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 encrypt_key = no |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 distinguished_name = req_distinguished_name |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 [ req_distinguished_name ] |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $d = $t->testdir(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 foreach my $name ('localhost') { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
99 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
100 . "-out $d/$name.crt -keyout $d/$name.key " |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 . ">>$d/openssl.out 2>&1") == 0 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 or die "Can't create certificate for $name: $!\n"; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->run(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
109 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
110 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
112 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
113 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
114 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
116 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
117 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
119 is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
120 is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 ############################################################################### |