Mercurial > hg > nginx-tests

annotate proxy_ssl_certificate.t @ 1260:eadd24ccfda1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: postponed startup in certain ssl certificate tests on win32. At least, some win32 hosts exhibit a round-off error or some such in the notBefore field of the certificate generated before starting nginx, such that it can be set to the value one second ahead of the current time. This manifests in spurious test failures due to certificate verify error with a failure reason "certificate is not yet valid".
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 12 Dec 2017 12:53:53 +0300
parents 0af58b78df35
children dbce8fb5f5f8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
643
02bb93aebaa5 Tests: minor cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents: 568
diff changeset
6 # Tests for http proxy module with proxy certificate to ssl backend.
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives.
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 ###############################################################################
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use warnings;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12 use strict;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 use Test::More;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use lib 'lib';
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 ###############################################################################
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDERR; $| = 1;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDOUT; $| = 1;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
568
907e89fba9c3 Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents: 497
diff changeset
27 ->has_daemon('openssl')->plan(5);
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28
568
907e89fba9c3 Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents: 497
diff changeset
29 $t->write_file_expand('nginx.conf', <<'EOF');
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31 %%TEST_GLOBALS%%
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 daemon off;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 events {
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 http {
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 %%TEST_GLOBALS_HTTP%%
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
42 listen 127.0.0.1:8080;
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 server_name localhost;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 proxy_ssl_session_reuse off;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 location /verify {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
48 proxy_pass https://127.0.0.1:8081/;
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 proxy_ssl_certificate 1.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 proxy_ssl_certificate_key 1.example.com.key;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 location /fail {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
54 proxy_pass https://127.0.0.1:8081/;
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 proxy_ssl_certificate 2.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 proxy_ssl_certificate_key 2.example.com.key;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 location /encrypted {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
60 proxy_pass https://127.0.0.1:8082/;
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 proxy_ssl_certificate 3.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 proxy_ssl_certificate_key 3.example.com.key;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 proxy_ssl_password_file password;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
68 listen 127.0.0.1:8081 ssl;
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 server_name localhost;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 ssl_certificate 2.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 ssl_certificate_key 2.example.com.key;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 ssl_verify_client optional_no_ca;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 ssl_trusted_certificate 1.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 location / {
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 add_header X-Verify $ssl_client_verify;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 add_header X-Name $ssl_client_s_dn;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
84 listen 127.0.0.1:8082 ssl;
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 server_name localhost;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 ssl_certificate 1.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 ssl_certificate_key 1.example.com.key;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 ssl_verify_client optional_no_ca;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 ssl_trusted_certificate 3.example.com.crt;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 location / {
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 add_header X-Verify $ssl_client_verify;
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 EOF
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 $t->write_file('openssl.conf', <<EOF);
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 [ req ]
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 default_bits = 1024
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104 encrypt_key = no
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 distinguished_name = req_distinguished_name
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 [ req_distinguished_name ]
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 EOF
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 my $d = $t->testdir();
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 foreach my $name ('1.example.com', '2.example.com') {
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
113 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
114 . "-out $d/$name.crt -keyout $d/$name.key "
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 . ">>$d/openssl.out 2>&1") == 0
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 or die "Can't create certificate for $name: $!\n";
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 foreach my $name ('3.example.com') {
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
120 system("openssl genrsa -out $d/$name.key -passout pass:$name "
1140
778eae8230e4 Tests: reduced OpenSSL default key length to 1024.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 1069
diff changeset
121 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 or die "Can't create private key: $!\n";
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
124 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
125 . "-out $d/$name.crt "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
126 . "-key $d/$name.key -passin pass:$name"
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 . ">>$d/openssl.out 2>&1") == 0
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 or die "Can't create certificate for $name: $!\n";
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129 }
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130
1260
eadd24ccfda1 Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
131 sleep 1 if $^O eq 'MSWin32';
eadd24ccfda1 Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
132
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 $t->write_file('password', '3.example.com');
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134 $t->write_file('index.html', '');
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136 $t->run();
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 ###############################################################################
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate');
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141 like(http_get('/fail'), qr/X-Verify: FAILED/ms, 'fail certificate');
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 like(http_get('/encrypted'), qr/X-Verify: SUCCESS/ms, 'with encrypted key');
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143
1069
1b11a12be179 Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
144 like(http_get('/verify'), qr!X-Name: /?CN=1.example!, 'valid certificate');
1b11a12be179 Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
145 unlike(http_get('/fail'), qr!X-Name: /?CN=1.example!, 'invalid certificate');
497
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146
d4330871bfb0 Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
147 ###############################################################################