Mercurial > hg > nginx-tests
annotate proxy_ssl_certificate.t @ 1021:ebdf239722b9
Tests: relaxed proxy_cache_lock.t nolock tests to fix on Solaris.
Assumed that the order of responses being arrived in nolock case may be ignored.
An important part of such case is that the only last response should be cached.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 02 Sep 2016 12:17:35 +0300 |
parents | 882267679006 |
children | 90a0d85436c1 |
rev | line source |
---|---|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
643
02bb93aebaa5
Tests: minor cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
568
diff
changeset
|
6 # Tests for http proxy module with proxy certificate to ssl backend. |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives. |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
497
diff
changeset
|
27 ->has_daemon('openssl')->plan(5); |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
497
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 http { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
42 listen 127.0.0.1:8080; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 server_name localhost; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 proxy_ssl_session_reuse off; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 location /verify { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
48 proxy_pass https://127.0.0.1:8081/; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 proxy_ssl_certificate 1.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 proxy_ssl_certificate_key 1.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 location /fail { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 proxy_pass https://127.0.0.1:8081/; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate 2.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate_key 2.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 location /encrypted { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass https://127.0.0.1:8082/; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_ssl_certificate 3.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 proxy_ssl_certificate_key 3.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_password_file password; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 server_name localhost; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 ssl_certificate 2.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 ssl_certificate_key 2.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_verify_client optional_no_ca; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_trusted_certificate 1.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 location / { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 add_header X-Verify $ssl_client_verify; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 add_header X-Name $ssl_client_s_dn; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name localhost; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_certificate 1.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_certificate_key 1.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ssl_verify_client optional_no_ca; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ssl_trusted_certificate 3.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 location / { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 add_header X-Verify $ssl_client_verify; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 $t->write_file('openssl.conf', <<EOF); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 [ req ] |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 default_bits = 1024 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 encrypt_key = no |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 distinguished_name = req_distinguished_name |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req_distinguished_name ] |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 EOF |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 my $d = $t->testdir(); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 foreach my $name ('1.example.com', '2.example.com') { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 system('openssl req -x509 -new ' |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 . ">>$d/openssl.out 2>&1") == 0 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 or die "Can't create certificate for $name: $!\n"; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 foreach my $name ('3.example.com') { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 or die "Can't create private key: $!\n"; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 system('openssl req -x509 -new ' |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 . "-out '$d/$name.crt' " |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . "-key '$d/$name.key' -passin pass:$name" |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . ">>$d/openssl.out 2>&1") == 0 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 or die "Can't create certificate for $name: $!\n"; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 $t->write_file('password', '3.example.com'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 $t->write_file('index.html', ''); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 $t->run(); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 ############################################################################### |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 like(http_get('/fail'), qr/X-Verify: FAILED/ms, 'fail certificate'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 like(http_get('/encrypted'), qr/X-Verify: SUCCESS/ms, 'with encrypted key'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 like(http_get('/verify'), qr!X-Name: /CN=1.example!, 'valid certificate'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 unlike(http_get('/fail'), qr!X-Name: /CN=1.example!, 'invalid certificate'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 ############################################################################### |