Mercurial > hg > nginx-tests
annotate proxy_ssl_certificate.t @ 1961:fe6f22da53ec default tip
Tests: tests for usage of discarded body.
The client_max_body_size limit should be ignored when the request body
is already discarded. In HTTP/1.x, this is done by checking the
r->discard_body flag when the body is being discarded, and because
r->headers_in.content_length_n is 0 when it's already discarded. This,
however, does not happen with HTTP/2 and HTTP/3, and therefore
"error_page 413" does not work without relaxing the limit.
Further, with proxy_pass, r->headers_in.content_length_n is used to determine
length of the request body, and therefore is not correct if discarding of
the request body isn't yet complete. While discarding the request body,
r->headers_in.content_length_n contains the rest of the body to discard
(or, in case of chunked request body, the rest of the current chunk to
discard).
Similarly, the $content_length variable uses r->headers_in.content_length
if available, and also incorrect. The $content_length variable is used
when proxying with fastcgi_pass, grpc_pass, and uwsgi_pass (scgi_pass uses
the value calculated based on the actual request body buffers, and therefore
works correctly).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sat, 27 Apr 2024 18:55:50 +0300 |
| parents | dbce8fb5f5f8 |
| children |
| rev | line source |
|---|---|
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
643
02bb93aebaa5
Tests: minor cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
568
diff
changeset
|
6 # Tests for http proxy module with proxy certificate to ssl backend. |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives. |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
497
diff
changeset
|
27 ->has_daemon('openssl')->plan(5); |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
497
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 http { |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
42 listen 127.0.0.1:8080; |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 server_name localhost; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 proxy_ssl_session_reuse off; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 location /verify { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
48 proxy_pass https://127.0.0.1:8081/; |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 proxy_ssl_certificate 1.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 proxy_ssl_certificate_key 1.example.com.key; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 location /fail { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 proxy_pass https://127.0.0.1:8081/; |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate 2.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate_key 2.example.com.key; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 location /encrypted { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass https://127.0.0.1:8082/; |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_ssl_certificate 3.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 proxy_ssl_certificate_key 3.example.com.key; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_password_file password; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 server_name localhost; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 ssl_certificate 2.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 ssl_certificate_key 2.example.com.key; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_verify_client optional_no_ca; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_trusted_certificate 1.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 location / { |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 add_header X-Verify $ssl_client_verify; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 add_header X-Name $ssl_client_s_dn; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name localhost; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_certificate 1.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_certificate_key 1.example.com.key; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ssl_verify_client optional_no_ca; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ssl_trusted_certificate 3.example.com.crt; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 location / { |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 add_header X-Verify $ssl_client_verify; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 $t->write_file('openssl.conf', <<EOF); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
103 default_bits = 2048 |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 encrypt_key = no |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 distinguished_name = req_distinguished_name |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req_distinguished_name ] |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 EOF |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 my $d = $t->testdir(); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 foreach my $name ('1.example.com', '2.example.com') { |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
113 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
114 . "-out $d/$name.crt -keyout $d/$name.key " |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 . ">>$d/openssl.out 2>&1") == 0 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 or die "Can't create certificate for $name: $!\n"; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 foreach my $name ('3.example.com') { |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
120 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
121 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 or die "Can't create private key: $!\n"; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
124 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
125 . "-out $d/$name.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
126 . "-key $d/$name.key -passin pass:$name" |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . ">>$d/openssl.out 2>&1") == 0 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 or die "Can't create certificate for $name: $!\n"; |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 } |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
|
1260
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
131 sleep 1 if $^O eq 'MSWin32'; |
|
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
132 |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 $t->write_file('password', '3.example.com'); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 $t->write_file('index.html', ''); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 $t->run(); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 ############################################################################### |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 like(http_get('/fail'), qr/X-Verify: FAILED/ms, 'fail certificate'); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 like(http_get('/encrypted'), qr/X-Verify: SUCCESS/ms, 'with encrypted key'); |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
|
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
144 like(http_get('/verify'), qr!X-Name: /?CN=1.example!, 'valid certificate'); |
|
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
145 unlike(http_get('/fail'), qr!X-Name: /?CN=1.example!, 'invalid certificate'); |
|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
|
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |