Mercurial > hg > nginx-tests
annotate ssl_verify_depth.t @ 1260:eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
At least, some win32 hosts exhibit a round-off error or some such in the
notBefore field of the certificate generated before starting nginx, such
that it can be set to the value one second ahead of the current time.
This manifests in spurious test failures due to certificate verify error
with a failure reason "certificate is not yet valid".
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 12 Dec 2017 12:53:53 +0300 |
parents | 0af58b78df35 |
children | 8c764fd93b5e |
rev | line source |
---|---|
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_verify_depth. |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl/) |
1117
3e2af4dedd9c
Tests: ssl_verify_depth.t cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1115
diff
changeset
|
31 ->has_daemon('openssl')->plan(2); |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->write_file_expand('nginx.conf', <<'EOF'); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate_key localhost.key; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 ssl_certificate localhost.crt; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
1117
3e2af4dedd9c
Tests: ssl_verify_depth.t cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1115
diff
changeset
|
48 ssl_verify_client on; |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 ssl_client_certificate int-root.crt; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 add_header X-Verify $ssl_client_verify; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 listen 127.0.0.1:8080 ssl; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name localhost; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_verify_depth 0; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 EOF |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 my $d = $t->testdir(); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 $t->write_file('openssl.conf', <<EOF); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 [ req ] |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 default_bits = 1024 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 encrypt_key = no |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 distinguished_name = req_distinguished_name |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 [ req_distinguished_name ] |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 EOF |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 $t->write_file('ca.conf', <<EOF); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 [ ca ] |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 default_ca = myca |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 [ myca ] |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 new_certs_dir = $d |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 database = $d/certindex |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 default_md = sha1 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 policy = myca_policy |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 serial = $d/certserial |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 default_days = 1 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 [ myca_policy ] |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 commonName = supplied |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 EOF |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 foreach my $name ('root', 'localhost') { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
90 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
91 . "-out $d/$name.crt -keyout $d/$name.key " |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 . ">>$d/openssl.out 2>&1") == 0 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 or die "Can't create certificate for $name: $!\n"; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 foreach my $name ('int', 'end') { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 system("openssl req -new " |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
98 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
99 . "-out $d/$name.csr -keyout $d/$name.key " |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 . ">>$d/openssl.out 2>&1") == 0 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 or die "Can't create certificate for $name: $!\n"; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 $t->write_file('certserial', '1000'); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->write_file('certindex', ''); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
107 system("openssl ca -batch -config $d/ca.conf " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
108 . "-keyfile $d/root.key -cert $d/root.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
109 . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt " |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 . ">>$d/openssl.out 2>&1") == 0 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 or die "Can't sign certificate for int: $!\n"; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
113 system("openssl ca -batch -config $d/ca.conf " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
114 . "-keyfile $d/int.key -cert $d/int.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1124
diff
changeset
|
115 . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt " |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 . ">>$d/openssl.out 2>&1") == 0 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 or die "Can't sign certificate for end: $!\n"; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 $t->write_file('int-root.crt', |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 $t->read_file('int.crt') . $t->read_file('root.crt')); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 $t->write_file('t', ''); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 $t->run(); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 ############################################################################### |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
1117
3e2af4dedd9c
Tests: ssl_verify_depth.t cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1115
diff
changeset
|
127 like(get(8080, 'root'), qr/SUCCESS/, 'verify depth'); |
3e2af4dedd9c
Tests: ssl_verify_depth.t cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1115
diff
changeset
|
128 like(get(8080, 'end'), qr/400 Bad Request/, 'verify depth limited'); |
1115
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 ############################################################################### |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 sub get { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 my ($port, $cert) = @_; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 my $s = get_ssl_socket($port, $cert) or return; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 http_get('/t', socket => $s); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 sub get_ssl_socket { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 my ($port, $cert) = @_; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 my ($s); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 eval { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 local $SIG{ALRM} = sub { die "timeout\n" }; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 alarm(2); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 $s = IO::Socket::SSL->new( |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 Proto => 'tcp', |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 PeerAddr => '127.0.0.1', |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 PeerPort => port($port), |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 SSL_cert_file => "$d/$cert.crt", |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 SSL_key_file => "$d/$cert.key", |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 SSL_error_trap => sub { die $_[1] } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 ); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 alarm(0); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 }; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 alarm(0); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 if ($@) { |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 log_in("died: $@"); |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 return undef; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 return $s; |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 } |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 |
54e07593713a
Tests: ssl_verify_depth tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 ############################################################################### |