Mercurial > hg > nginx-tests
annotate ssl_certificates.t @ 1999:15f538440a77 default tip
Tests: adjusted proxy_cache_use_stale.t cache validity.
At least the "s-w-r - updating stale" test sometimes fails on slow
hosts due to "stale-while-revalidate=4" being not enough, so the request
returns with the EXPIRED cache status instead of STALE.
Fix is to use larger "stale-while-revalidate=" times where it is not
significant.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 09 Aug 2024 18:37:25 +0300 |
parents | 94e0390dc64f |
children |
rev | line source |
---|---|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with multiple certificates. |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/) |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
26 ->has_daemon('openssl'); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
1973
94e0390dc64f
Tests: guarded ssl_certificates.t for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1967
diff
changeset
|
28 plan(skip_all => 'no multiple certificates') |
94e0390dc64f
Tests: guarded ssl_certificates.t for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1967
diff
changeset
|
29 if $t->has_module('BoringSSL'); |
94e0390dc64f
Tests: guarded ssl_certificates.t for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1967
diff
changeset
|
30 plan(skip_all => 'no ECDSA support') |
94e0390dc64f
Tests: guarded ssl_certificates.t for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1967
diff
changeset
|
31 if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8b'); |
1400
94bcad5611af
Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1397
diff
changeset
|
32 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->write_file_expand('nginx.conf', <<'EOF'); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate_key rsa.key; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 ssl_certificate rsa.crt; |
1224
2ec9ce1bc820
Tests: fixed ssl_certificates.t for nginx built with OpenSSL 0.9.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
47 ssl_ciphers DEFAULT:ECCdraft; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
49 add_header X-SSL-Protocol $ssl_protocol; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
50 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 server { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
52 listen 127.0.0.1:8443 ssl; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server_name localhost; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
55 ssl_certificate_key ec.key; |
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
56 ssl_certificate ec.crt; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_certificate_key rsa.key; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ssl_certificate rsa.crt; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_certificate_key rsa.key; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_certificate rsa.crt; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 EOF |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 $t->write_file('openssl.conf', <<EOF); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
70 default_bits = 2048 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 encrypt_key = no |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 distinguished_name = req_distinguished_name |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 [ req_distinguished_name ] |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 EOF |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 my $d = $t->testdir(); |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
78 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
79 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
80 system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 or die "Can't create RSA pem: $!\n"; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
83 foreach my $name ('ec', 'rsa') { |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
84 system("openssl req -x509 -new -key $d/$name.key " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
85 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
86 . "-out $d/$name.crt -keyout $d/$name.key " |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 . ">>$d/openssl.out 2>&1") == 0 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 or die "Can't create certificate for $name: $!\n"; |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
91 $t->write_file('index.html', ''); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
92 |
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
93 $t->run()->plan(2); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
97 TODO: { |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
98 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
99 if $t->has_module('LibreSSL') && test_tls13(); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
100 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
101 like(cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
102 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
103 } |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
104 |
1967
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
105 TODO: { |
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
106 local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)' |
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
107 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") |
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
108 && !$t->has_module('LibreSSL') |
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
109 && test_tls13(); |
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
110 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
111 like(cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA'); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
1967
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
113 } |
0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1871
diff
changeset
|
114 |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 ############################################################################### |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
117 sub test_tls13 { |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
118 return http_get('/', SSL => 1) =~ /TLSv1.3/; |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
119 } |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
120 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
121 sub cert { |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
122 my $s = get_socket(@_) || return; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
123 return $s->dump_peer_certificate(); |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
124 } |
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
125 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
126 sub get_socket { |
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
127 my ($type) = @_; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
129 my $ctx_cb = sub { |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
130 my $ctx = shift; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
131 return unless defined $type; |
1397
d3d2aabe16dd
Tests: LibreSSL client detection in multiple certificate tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1388
diff
changeset
|
132 my $ssleay = Net::SSLeay::SSLeay(); |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
133 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); |
1871
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
134 my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); |
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
135 @sigalgs = ($type . '+SHA256') unless $type eq 'RSA'; |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
136 # SSL_CTRL_SET_SIGALGS_LIST |
1871
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
137 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) |
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
138 or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
139 or die("Failed to set sigalgs"); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
140 }; |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
142 return http_get( |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
143 '/', start => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
144 SSL => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
145 SSL_cipher_list => $type, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
146 SSL_create_ctx_callback => $ctx_cb |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
147 ); |
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 } |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 |
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 ############################################################################### |