annotate ssl_crl.t @ 1260:eadd24ccfda1

Tests: postponed startup in certain ssl certificate tests on win32. At least, some win32 hosts exhibit a round-off error or some such in the notBefore field of the certificate generated before starting nginx, such that it can be set to the value one second ahead of the current time. This manifests in spurious test failures due to certificate verify error with a failure reason "certificate is not yet valid".
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 12 Dec 2017 12:53:53 +0300
parents 0af58b78df35
children 8c764fd93b5e
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http ssl module, ssl_crl directive.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19
20 ###############################################################################
21
# Switch on autoflush for STDERR and then STDOUT.  STDOUT is selected last,
# so it is still the default output handle once the loop is done.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}

# The client half of these tests is written with IO::Socket::SSL; skip the
# whole file when the module cannot be loaded.
eval { require IO::Socket::SSL; };
if ($@) {
    plan(skip_all => 'IO::Socket::SSL not installed');
}

# Skip as well when the loaded module does not provide SSL_VERIFY_NONE(),
# which get_ssl_socket() passes as SSL_verify_mode.
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
if ($@) {
    plan(skip_all => 'IO::Socket::SSL too old');
}

# NOTE(review): has()/has_daemon() presumably skip the file unless nginx has
# the listed modules and an openssl binary is available -- confirm against
# Test::Nginx.  The plan of 3 matches the three like() assertions below.
my $t = Test::Nginx->new()
    ->has('http', 'http_ssl')
    ->has_daemon('openssl')
    ->plan(3);
32
# nginx configuration under test.  Client certificate verification is
# enabled for every server ("ssl_verify_client on" at http level), and the
# verification result is echoed back in the X-Verify response header
# ("always", so it is present whatever the response status is); the
# assertions below match SUCCESS / FAILED against it.
#
#   8080: trusts root.crt, checks against empty.crl
#   8081: trusts root.crt, checks against root.crl
#   8082: inherits the http-level int-root.crt trust list, allows a
#         verification depth of 2, checks against root.crl
#
# The heredoc is single-quoted, so Perl interpolates nothing here; the
# %%...%% markers are left as they are for write_file_expand().
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
%%TEST_GLOBALS_HTTP%%

ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;

ssl_verify_client on;
ssl_client_certificate int-root.crt;

add_header X-Verify $ssl_client_verify always;

server {
listen 127.0.0.1:8080 ssl;
server_name localhost;

ssl_client_certificate root.crt;
ssl_crl empty.crl;
}

server {
listen 127.0.0.1:8081 ssl;
server_name localhost;

ssl_client_certificate root.crt;
ssl_crl root.crl;
}

server {
listen 127.0.0.1:8082 ssl;
server_name localhost;

ssl_verify_depth 2;
ssl_crl root.crl;
}
}

EOF
79
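# Directory the harness gives this test; every generated key, certificate,
# CRL and openssl state file below lives in it.
my $d = $t->testdir();

# Defaults for "openssl req".  Keys are written unencrypted
# (encrypt_key = no) so nginx and the test client can load them without a
# passphrase; they are throw-away fixtures that only exist in $d.
#
# 2048-bit keys are requested instead of 1024: OpenSSL builds that enforce
# a higher default security level refuse smaller RSA keys, which would make
# the tests fail for a reason unrelated to CRL handling.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Minimal CA configuration for "openssl ca": issued certificates, the index
# database and the serial file are all kept in $d (interpolated by this
# unquoted heredoc).  Certificates are signed with SHA-256 rather than
# SHA-1 for the same reason as the key size above, and are valid for one
# day only.
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca

[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 1

[ myca_policy ]
commonName = supplied
EOF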
105
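# Build the certificate hierarchy the tests rely on: self-signed "root" and
# "localhost" certificates, "int" signed by root, "end" signed by int, and
# two CRLs issued by root -- empty.crl before int is revoked and root.crl
# afterwards.
#
# Each openssl invocation is one string, so Perl hands it to the shell; the
# shell is needed for the ">>... 2>&1" redirection.  $name is always one of
# the literals below.  NOTE(review): $d is interpolated unquoted and is
# whatever $t->testdir() returned -- presumably a harness-created path with
# no spaces or shell metacharacters; confirm before reusing this pattern
# with a value that comes from outside the test.

# Run "openssl $args", appending its output to openssl.out in the test
# directory; die with $what and the actual cause unless it exits with 0.
my $openssl = sub {
    my ($args, $what) = @_;

    return if system("openssl $args >>$d/openssl.out 2>&1") == 0;

    # $! is only meaningful when the command could not be started at all
    # ($? == -1).  When it ran and failed, $? holds the signal or exit code.
    my $why = ($? == -1)  ? $!
            : ($? & 127)  ? 'openssl killed by signal ' . ($? & 127)
            :               'openssl exit status ' . ($? >> 8);

    die "$what: $why\n";
};

# Self-signed certificates: the root CA and the server certificate.
foreach my $name ('root', 'localhost') {
    $openssl->("req -x509 -new "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key",
        "Can't create certificate for $name");
}

# Keys and signing requests for the intermediate CA and the end-entity
# client certificate.
foreach my $name ('int', 'end') {
    $openssl->("req -new "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.csr -keyout $d/$name.key",
        "Can't create certificate for $name");
}

# State files named by ca.conf: initial serial number and an empty index.
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');

# root signs int.
$openssl->("ca -batch -config $d/ca.conf "
    . "-keyfile $d/root.key -cert $d/root.crt "
    . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt",
    "Can't sign certificate for int");

# int signs end.
$openssl->("ca -batch -config $d/ca.conf "
    . "-keyfile $d/int.key -cert $d/int.crt "
    . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt",
    "Can't sign certificate for end");

# CRL issued by root while nothing has been revoked yet.
$openssl->("ca -gencrl -config $d/ca.conf "
    . "-keyfile $d/root.key -cert $d/root.crt "
    . "-out $d/empty.crl -crldays 1",
    "Can't create empty crl");

# Revoke the intermediate certificate ...
$openssl->("ca -config $d/ca.conf -revoke $d/int.crt "
    . "-keyfile $d/root.key -cert $d/root.crt",
    "Can't revoke int.crt");

# ... and issue a second CRL from root after the revocation.
$openssl->("ca -gencrl -config $d/ca.conf "
    . "-keyfile $d/root.key -cert $d/root.crt "
    . "-out $d/root.crl -crldays 1",
    "Can't update crl");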
153
# Trust list used at http level in nginx.conf: the intermediate certificate
# followed by the root certificate, concatenated into one file.
my $int_pem = $t->read_file('int.crt');
my $root_pem = $t->read_file('root.crt');
$t->write_file('int-root.crt', $int_pem . $root_pem);

# Empty document served as /t, then start nginx with the files written above.
$t->write_file('t', '');
$t->run();
159
160 ###############################################################################
161
# One row per assertion: listener port, client certificate presented,
# pattern expected in the response (the X-Verify header carries nginx's
# verification result), and the test name.
my @crl_cases = (
    [8080, 'int', qr/SUCCESS/, 'crl - no revoked certs'],
    [8081, 'int', qr/FAILED/, 'crl - client cert revoked'],
    [8082, 'end', qr/FAILED/, 'crl - intermediate cert revoked'],
);

foreach my $case (@crl_cases) {
    my ($port, $cert, $expected, $title) = @$case;
    like(get($port, $cert), $expected, $title);
}
165
166 ###############################################################################
167
# Request /t from the listener identified by $port, presenting the client
# certificate named $cert.  Returns whatever http_get() returns, or nothing
# when the TLS connection could not be set up.
sub get {
    my ($port, $cert) = @_;

    my $sock = get_ssl_socket($port, $cert);
    return unless $sock;

    return http_get('/t', socket => $sock);
}
173
# Open a TLS connection to 127.0.0.1 on port($port), presenting
# "$d/$cert.crt" with the key "$d/$cert.key" as the client certificate.
# Returns the socket, or undef after logging the reason when the attempt
# died (handshake error, SIGPIPE, or the 2-second alarm).
sub get_ssl_socket {
    my ($port, $cert) = @_;
    my $sock;

    eval {
        # Turn a stalled connect or a broken pipe into an exception.
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };

        alarm(2);

        my @client_opts = (
            Proto => 'tcp',
            PeerAddr => '127.0.0.1',
            PeerPort => port($port),

            # The server certificate is deliberately not verified: what is
            # under test is nginx's verification of the *client*
            # certificate, and the peer is a loopback listener.  This
            # setting is not suitable for clients of real servers.
            SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),

            SSL_cert_file => "$d/$cert.crt",
            SSL_key_file => "$d/$cert.key",

            # Dies with the second argument given to the trap
            # (presumably the error text -- confirm in IO::Socket::SSL).
            SSL_error_trap => sub { die $_[1] }
        );
        $sock = IO::Socket::SSL->new(@client_opts);

        alarm(0);
    };

    # Cancel the timer on the failure path too, where the eval was left
    # before its own alarm(0) ran.
    alarm(0);

    return $sock unless $@;

    log_in("died: $@");

    # Explicit undef (not a bare return) is kept as in the original, so a
    # list-context caller still receives exactly one element.
    return undef;
}
202
203 ###############################################################################