Mercurial > hg > nginx-tests
annotate proxy_ssl_verify.t @ 1260:eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
At least, some win32 hosts exhibit a round-off error or some such in the
notBefore field of the certificate generated before starting nginx, such
that it can be set to the value one second ahead of the current time.
This manifests in spurious test failures due to certificate verify error
with a failure reason "certificate is not yet valid".
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 12 Dec 2017 12:53:53 +0300 |
| parents | 0af58b78df35 |
| children | dbce8fb5f5f8 |
| rev | line source |
|---|---|
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 # Tests for proxy to ssl backend, backend certificate verification. |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 ############################################################################### |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use warnings; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 use strict; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 use Test::More; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 ############################################################################### |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
24 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
393
diff
changeset
|
26 ->has_daemon('openssl')->plan(6) |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 ->write_file_expand('nginx.conf', <<'EOF'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 %%TEST_GLOBALS%% |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 daemon off; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 events { |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 http { |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 %%TEST_GLOBALS_HTTP%% |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
40 listen 127.0.0.1:8080; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 server_name localhost; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 location /verify { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 proxy_pass https://127.0.0.1:8081/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 proxy_ssl_name example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 location /wildcard { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 proxy_ssl_name foo.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 location /fail { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 proxy_ssl_name no.match.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 location /cn { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
65 proxy_pass https://127.0.0.1:8082/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 proxy_ssl_name 2.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 proxy_ssl_trusted_certificate 2.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 location /cn/fail { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
72 proxy_pass https://127.0.0.1:8082/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 proxy_ssl_name bad.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 proxy_ssl_trusted_certificate 2.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 location /untrusted { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
79 proxy_pass https://127.0.0.1:8082/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 proxy_ssl_session_reuse off; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
87 listen 127.0.0.1:8081 ssl; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 server_name 1.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 ssl_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 ssl_certificate_key 1.example.com.key; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 add_header X-Name $ssl_server_name; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
97 listen 127.0.0.1:8082 ssl; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 server_name 2.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 ssl_certificate 2.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 ssl_certificate_key 2.example.com.key; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 add_header X-Name $ssl_server_name; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 EOF |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 $t->write_file('openssl.1.example.com.conf', <<EOF); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 [ req ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 prompt = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 default_bits = 1024 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
113 encrypt_key = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
114 distinguished_name = req_distinguished_name |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 x509_extensions = v3_req |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 [ req_distinguished_name ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 commonName=no.match.example.com |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 [ v3_req ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 subjectAltName = DNS:example.com,DNS:*.example.com |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 EOF |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
123 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
124 $t->write_file('openssl.2.example.com.conf', <<EOF); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 [ req ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 prompt = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 default_bits = 1024 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 encrypt_key = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 distinguished_name = req_distinguished_name |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 [ req_distinguished_name ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 commonName=2.example.com |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 EOF |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 my $d = $t->testdir(); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
136 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 foreach my $name ('1.example.com', '2.example.com') { |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
139 . "-config $d/openssl.$name.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
140 . "-out $d/$name.crt -keyout $d/$name.key " |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
141 . ">>$d/openssl.out 2>&1") == 0 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 or die "Can't create certificate for $name: $!\n"; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 |
|
1260
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
145 sleep 1 if $^O eq 'MSWin32'; |
|
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
146 |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 $t->write_file('index.html', ''); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
393
diff
changeset
|
149 $t->run(); |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 ############################################################################### |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
153 # subjectAltName |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
154 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 like(http_get('/verify'), qr/200 OK/ms, 'verify'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 # commonName |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
161 like(http_get('/cn'), qr/200 OK/ms, 'verify cn'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
162 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
163 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
164 # untrusted |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
167 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
168 ############################################################################### |