Mercurial > hg > nginx-tests
annotate stream_proxy_protocol.t @ 1974:b5036a0f9ae0 default tip
Tests: improved compatibility when using recent "openssl" app.
Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys
in PKCS#8 format instead of previously used PKCS#1 format. Further,
since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256.
Such keys are not supported by old SSL libraries, notably by OpenSSL
before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL
before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c),
and trying to load such keys into nginx compiled with an old SSL library
results in "unsupported prf" errors.
To facilitate testing with old SSL libraries, keys are now generated
with "openssl genrsa -traditional" if the flag is available.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:04:26 +0300 |
| parents | f3ba4c74de31 |
| children |
| rev | line source |
|---|---|
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
2 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
3 # (C) Andrey Zelenkov |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
5 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with haproxy protocol. |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
7 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
9 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
12 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
14 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
15 use IO::Select; |
|
816
77359b849cd5
Tests: stream package.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
711
diff
changeset
|
16 use Socket qw/ $CRLF /; |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
17 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
19 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
|
816
77359b849cd5
Tests: stream package.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
711
diff
changeset
|
22 use Test::Nginx::Stream qw/ stream /; |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
23 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
24 ############################################################################### |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
25 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
26 select STDERR; $| = 1; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
27 select STDOUT; $| = 1; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
28 |
|
1020
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
29 my $t = Test::Nginx->new()->has(qw/stream/)->plan(2) |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
30 ->write_file_expand('nginx.conf', <<'EOF'); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
31 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
32 %%TEST_GLOBALS%% |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
33 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
34 daemon off; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
35 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
36 events { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
37 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
38 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
39 stream { |
|
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1020
diff
changeset
|
40 %%TEST_GLOBALS_STREAM%% |
|
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1020
diff
changeset
|
41 |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
42 proxy_protocol on; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
43 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
44 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
45 listen 127.0.0.1:8080; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
46 proxy_pass 127.0.0.1:8081; |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
47 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
48 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
49 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 listen 127.0.0.1:8082; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 proxy_pass 127.0.0.1:8081; |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
52 proxy_protocol off; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
53 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
54 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
55 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
56 EOF |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
57 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
58 $t->run_daemon(\&stream_daemon); |
|
1020
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
59 $t->run(); |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 $t->waitforsocket('127.0.0.1:' . port(8081)); |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
61 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
62 ############################################################################### |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
63 |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
64 my $dp = port(8080); |
|
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
816
diff
changeset
|
65 my $s = stream('127.0.0.1:' . $dp); |
|
816
77359b849cd5
Tests: stream package.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
711
diff
changeset
|
66 my $data = $s->io('close'); |
|
77359b849cd5
Tests: stream package.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
711
diff
changeset
|
67 my $sp = $s->sockport(); |
|
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
816
diff
changeset
|
68 is($data, "PROXY TCP4 127.0.0.1 127.0.0.1 $sp $dp${CRLF}close", 'protocol on'); |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
69 |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
70 is(stream('127.0.0.1:' . port(8082))->io('close'), 'close', 'protocol off'); |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
71 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
72 ############################################################################### |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
73 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
74 sub stream_daemon { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
75 my $server = IO::Socket::INET->new( |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
76 Proto => 'tcp', |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
77 LocalAddr => '127.0.0.1:' . port(8081), |
|
612
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
78 Listen => 5, |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
79 Reuse => 1 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
80 ) |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
81 or die "Can't create listening socket: $!\n"; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
82 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
83 my $sel = IO::Select->new($server); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
84 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
85 local $SIG{PIPE} = 'IGNORE'; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
86 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
87 while (my @ready = $sel->can_read) { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
88 foreach my $fh (@ready) { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
89 if ($server == $fh) { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
90 my $new = $fh->accept; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
91 $new->autoflush(1); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
92 $sel->add($new); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
93 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
94 } elsif (stream_handle_client($fh)) { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
95 $sel->remove($fh); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
96 $fh->close; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
97 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
98 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
99 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
100 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
101 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
102 sub stream_handle_client { |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
103 my ($client) = @_; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
104 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
105 log2c("(new connection $client)"); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
106 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
107 $client->sysread(my $buffer, 65536) or return 1; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
108 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
109 log2i("$client $buffer"); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
110 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
111 log2o("$client $buffer"); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
112 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
113 $client->syswrite($buffer); |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
114 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
115 return $buffer =~ /close/; |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
116 } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
117 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
118 sub log2i { Test::Nginx::log_core('|| <<', @_); } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
119 sub log2o { Test::Nginx::log_core('|| >>', @_); } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
120 sub log2c { Test::Nginx::log_core('||', @_); } |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
121 |
|
bae9850e566c
Tests: some stream haproxy protocol tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
122 ############################################################################### |