Mercurial > hg > nginx-tests

annotate stream_proxy_ssl_certificate.t @ 1260:eadd24ccfda1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: postponed startup in certain ssl certificate tests on win32. At least, some win32 hosts exhibit a round-off error or some such in the notBefore field of the certificate generated before starting nginx, such that it can be set to the value one second ahead of the current time. This manifests in spurious test failures due to certificate verify error with a failure reason "certificate is not yet valid".
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 12 Dec 2017 12:53:53 +0300
parents 0af58b78df35
children dbce8fb5f5f8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for stream proxy module with proxy certificate to ssl backend.
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives.
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use warnings;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12 use strict;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 use Test::More;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use lib 'lib';
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDERR; $| = 1;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDOUT; $| = 1;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/)
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 ->has_daemon('openssl')->plan(5);
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29 $t->write_file_expand('nginx.conf', <<'EOF');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31 %%TEST_GLOBALS%%
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 daemon off;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 events {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 stream {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 proxy_ssl on;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 proxy_ssl_session_reuse off;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
43 listen 127.0.0.1:8082;
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
44 proxy_pass 127.0.0.1:8080;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 proxy_ssl_certificate 1.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 proxy_ssl_certificate_key 1.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
51 listen 127.0.0.1:8083;
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
52 proxy_pass 127.0.0.1:8080;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 proxy_ssl_certificate 2.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 proxy_ssl_certificate_key 2.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
59 listen 127.0.0.1:8084;
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
60 proxy_pass 127.0.0.1:8081;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 proxy_ssl_certificate 3.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 proxy_ssl_certificate_key 3.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64 proxy_ssl_password_file password;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68 http {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 %%TEST_GLOBALS_HTTP%%
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
72 listen 127.0.0.1:8080 ssl;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 server_name localhost;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 ssl_certificate 2.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 ssl_certificate_key 2.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 ssl_verify_client optional_no_ca;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 ssl_trusted_certificate 1.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 location / {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 add_header X-Verify $ssl_client_verify;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 add_header X-Name $ssl_client_s_dn;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
88 listen 127.0.0.1:8081 ssl;
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 server_name localhost;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 ssl_certificate 1.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 ssl_certificate_key 1.example.com.key;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 ssl_verify_client optional_no_ca;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 ssl_trusted_certificate 3.example.com.crt;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 location / {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 add_header X-Verify $ssl_client_verify;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 EOF
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 $t->write_file('openssl.conf', <<EOF);
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 [ req ]
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 default_bits = 1024
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 encrypt_key = no
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 distinguished_name = req_distinguished_name
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 [ req_distinguished_name ]
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 EOF
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 my $d = $t->testdir();
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 foreach my $name ('1.example.com', '2.example.com') {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
117 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
118 . "-out $d/$name.crt -keyout $d/$name.key "
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 . ">>$d/openssl.out 2>&1") == 0
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 or die "Can't create certificate for $name: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 foreach my $name ('3.example.com') {
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
124 system("openssl genrsa -out $d/$name.key -passout pass:$name "
1140
778eae8230e4 Tests: reduced OpenSSL default key length to 1024.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 1069
diff changeset
125 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 or die "Can't create private key: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
128 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
129 . "-out $d/$name.crt "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
130 . "-key $d/$name.key -passin pass:$name"
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131 . ">>$d/openssl.out 2>&1") == 0
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 or die "Can't create certificate for $name: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134
1260
eadd24ccfda1 Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
135 sleep 1 if $^O eq 'MSWin32';
eadd24ccfda1 Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
136
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137 $t->write_file('password', '3.example.com');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 $t->write_file('index.html', '');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140 $t->run();
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
144 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))),
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
145 qr/X-Verify: SUCCESS/ms, 'verify certificate');
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
146 like(http_get('/', socket => getconn('127.0.0.1:' . port(8083))),
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
147 qr/X-Verify: FAILED/ms, 'fail certificate');
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
148 like(http_get('/', socket => getconn('127.0.0.1:' . port(8084))),
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
149 qr/X-Verify: SUCCESS/ms, 'with encrypted key');
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
150
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
151 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))),
1069
1b11a12be179 Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
152 qr!X-Name: /?CN=1.example!, 'valid certificate');
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
153 unlike(http_get('/', socket => getconn('127.0.0.1:' . port(8083))),
1069
1b11a12be179 Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
154 qr!X-Name: /?CN=1.example!, 'invalid certificate');
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
156 ###############################################################################
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
157
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
158 sub getconn {
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
159 my $peer = shift;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
160 my $s = IO::Socket::INET->new(
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
161 Proto => 'tcp',
952
e9064d691790 Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 644
diff changeset
162 PeerAddr => $peer
644
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
163 )
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
164 or die "Can't connect to nginx: $!\n";
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
165
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
166 return $s;
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
167 }
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
168
df8a498e0d50 Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
169 ###############################################################################