Mercurial > hg > nginx-tests
annotate proxy_ssl_verify.t @ 1021:ebdf239722b9
Tests: relaxed proxy_cache_lock.t nolock tests to fix on Solaris.
Assumed that the order of responses being arrived in nolock case may be ignored.
An important part of such case is that the only last response should be cached.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 02 Sep 2016 12:17:35 +0300 |
| parents | 882267679006 |
| children | 0af58b78df35 |
| rev | line source |
|---|---|
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 # Tests for proxy to ssl backend, backend certificate verification. |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 ############################################################################### |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use warnings; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 use strict; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 use Test::More; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 ############################################################################### |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
24 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
393
diff
changeset
|
26 ->has_daemon('openssl')->plan(6) |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 ->write_file_expand('nginx.conf', <<'EOF'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 %%TEST_GLOBALS%% |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 daemon off; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 events { |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 http { |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 %%TEST_GLOBALS_HTTP%% |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
40 listen 127.0.0.1:8080; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 server_name localhost; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 location /verify { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 proxy_pass https://127.0.0.1:8081/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 proxy_ssl_name example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 location /wildcard { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 proxy_ssl_name foo.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 location /fail { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 proxy_ssl_name no.match.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 location /cn { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
65 proxy_pass https://127.0.0.1:8082/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 proxy_ssl_name 2.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 proxy_ssl_trusted_certificate 2.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 location /cn/fail { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
72 proxy_pass https://127.0.0.1:8082/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 proxy_ssl_name bad.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 proxy_ssl_trusted_certificate 2.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 location /untrusted { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
79 proxy_pass https://127.0.0.1:8082/; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 proxy_ssl_verify on; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 proxy_ssl_trusted_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 proxy_ssl_session_reuse off; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
87 listen 127.0.0.1:8081 ssl; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 server_name 1.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 ssl_certificate 1.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 ssl_certificate_key 1.example.com.key; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 add_header X-Name $ssl_server_name; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
97 listen 127.0.0.1:8082 ssl; |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 server_name 2.example.com; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 ssl_certificate 2.example.com.crt; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 ssl_certificate_key 2.example.com.key; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 add_header X-Name $ssl_server_name; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 EOF |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 $t->write_file('openssl.1.example.com.conf', <<EOF); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 [ req ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 prompt = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 default_bits = 1024 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
113 encrypt_key = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
114 distinguished_name = req_distinguished_name |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 x509_extensions = v3_req |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 [ req_distinguished_name ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 commonName=no.match.example.com |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 [ v3_req ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 subjectAltName = DNS:example.com,DNS:*.example.com |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 EOF |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
123 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
124 $t->write_file('openssl.2.example.com.conf', <<EOF); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 [ req ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 prompt = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 default_bits = 1024 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 encrypt_key = no |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 distinguished_name = req_distinguished_name |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 [ req_distinguished_name ] |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 commonName=2.example.com |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 EOF |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 my $d = $t->testdir(); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
136 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 foreach my $name ('1.example.com', '2.example.com') { |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 system('openssl req -x509 -new ' |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 . "-config '$d/openssl.$name.conf' " |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
140 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
141 . ">>$d/openssl.out 2>&1") == 0 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 or die "Can't create certificate for $name: $!\n"; |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 } |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 $t->write_file('index.html', ''); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
393
diff
changeset
|
147 $t->run(); |
|
393
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 ############################################################################### |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 # subjectAltName |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
153 like(http_get('/verify'), qr/200 OK/ms, 'verify'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
154 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 # commonName |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 like(http_get('/cn'), qr/200 OK/ms, 'verify cn'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
161 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
162 # untrusted |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
163 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
164 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted'); |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 |
|
3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 ############################################################################### |