Mercurial > hg > nginx-tests
annotate ssl_crl.t @ 1982:fb25cbe9d4ec default tip
Tests: explicit Valgrind support.
Valgrind logging is done to a separate file, as it is not able to
follow stderr redirection within nginx or append to a file without
corrupting it. Further, Valgrind logging seems to interfere with
error suppression in tests, and catches various startup errors and
warnings, so the log is additionally filtered.
Since startup under Valgrind can be really slow, timeout in waitforfile()
was changed to 10 seconds.
Prodded by Robert Mueller.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 31 May 2024 06:23:00 +0300 |
| parents | 0b5ec15c62ed |
| children |
| rev | line source |
|---|---|
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_crl directive. |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/) |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl')->plan(3); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 ssl_verify_client on; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 ssl_client_certificate int-root.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 add_header X-Verify $ssl_client_verify always; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 listen 127.0.0.1:8080 ssl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server_name localhost; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_client_certificate root.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_crl empty.crl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 server { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 listen 127.0.0.1:8081 ssl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 server_name localhost; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 ssl_client_certificate root.crt; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_crl root.crl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 listen 127.0.0.1:8082 ssl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 server_name localhost; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 ssl_verify_depth 2; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 ssl_crl root.crl; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 EOF |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 my $d = $t->testdir(); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
79 default_bits = 2048 |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
|
1945
0b5ec15c62ed
Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
82 x509_extensions = myca_extensions |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 [ req_distinguished_name ] |
|
1945
0b5ec15c62ed
Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
84 [ myca_extensions ] |
|
0b5ec15c62ed
Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
85 basicConstraints = critical,CA:TRUE |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 EOF |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 $t->write_file('ca.conf', <<EOF); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 [ ca ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 default_ca = myca |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 [ myca ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 new_certs_dir = $d |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 database = $d/certindex |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
95 default_md = sha256 |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 policy = myca_policy |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 serial = $d/certserial |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 default_days = 1 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 [ myca_policy ] |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 commonName = supplied |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 EOF |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 foreach my $name ('root', 'localhost') { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
106 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
107 . "-out $d/$name.crt -keyout $d/$name.key " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 or die "Can't create certificate for $name: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 foreach my $name ('int', 'end') { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 system("openssl req -new " |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
114 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
115 . "-out $d/$name.csr -keyout $d/$name.key " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 or die "Can't create certificate for $name: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 $t->write_file('certserial', '1000'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 $t->write_file('certindex', ''); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
123 system("openssl ca -batch -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
124 . "-keyfile $d/root.key -cert $d/root.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
125 . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 or die "Can't sign certificate for int: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
129 system("openssl ca -batch -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
130 . "-keyfile $d/int.key -cert $d/int.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
131 . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 or die "Can't sign certificate for end: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
135 system("openssl ca -gencrl -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
136 . "-keyfile $d/root.key -cert $d/root.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
137 . "-out $d/empty.crl -crldays 1 " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 or die "Can't create empty crl: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
141 system("openssl ca -config $d/ca.conf -revoke $d/int.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
142 . "-keyfile $d/root.key -cert $d/root.crt " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 or die "Can't revoke int.crt: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
146 system("openssl ca -gencrl -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
147 . "-keyfile $d/root.key -cert $d/root.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1125
diff
changeset
|
148 . "-out $d/root.crl -crldays 1 " |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 . ">>$d/openssl.out 2>&1") == 0 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 or die "Can't update crl: $!\n"; |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 $t->write_file('int-root.crt', |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 $t->read_file('int.crt') . $t->read_file('root.crt')); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 $t->write_file('t', ''); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 $t->run(); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 like(get(8080, 'int'), qr/SUCCESS/, 'crl - no revoked certs'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 like(get(8081, 'int'), qr/FAILED/, 'crl - client cert revoked'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 like(get(8082, 'end'), qr/FAILED/, 'crl - intermediate cert revoked'); |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 ############################################################################### |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 sub get { |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 my ($port, $cert) = @_; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
168 http_get( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
169 '/t', PeerAddr => '127.0.0.1:' . port($port), |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
170 SSL => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
171 SSL_cert_file => "$d/$cert.crt", |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
172 SSL_key_file => "$d/$cert.key" |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
173 ); |
|
1125
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 } |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 |
|
97a6cb846926
Tests: basic ssl_crl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 ############################################################################### |