annotate stream_proxy_ssl_name_complex.t @ 1974:b5036a0f9ae0 default tip

Tests: improved compatibility when using recent "openssl" app. Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys in PKCS#8 format instead of previously used PKCS#1 format. Further, since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256. Such keys are not supported by old SSL libraries, notably by OpenSSL before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c), and trying to load such keys into nginx compiled with an old SSL library results in "unsupported prf" errors. To facilitate testing with old SSL libraries, keys are now generated with "openssl genrsa -traditional" if the flag is available.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 06 May 2024 00:04:26 +0300
parents f3ba4c74de31
children
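#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Stream tests for proxy to ssl backend, use of Server Name Indication
# (proxy_ssl_name, proxy_ssl_server_name directives) with complex value.

###############################################################################

use warnings;
use strict;

use Test::More;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;
use Test::Nginx::Stream qw/ stream /;

###############################################################################

# Enable autoflush on both standard handles, leaving STDOUT selected.
select STDERR; $| = 1;
select STDOUT; $| = 1;

# Declare what the test needs: the listed nginx features and an "openssl"
# binary.  NOTE(review): presumably the harness skips the test when one of
# them is missing -- confirm in lib/Test/Nginx.pm.
my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return sni/)
    ->has_daemon('openssl');

# nginx configuration under test.
#
# The first server accepts plain TCP on 8081 and 8082 and proxies to 8085
# over TLS.  proxy_ssl_name is a complex value built from $server_port, so
# the SNI name sent upstream differs per listener.  The second server
# terminates TLS on 8085 and returns $ssl_server_name, i.e. the SNI name it
# received, which is what the assertions at the bottom compare against.
#
# No proxy_ssl_verify or proxy_ssl_trusted_certificate is set in this
# config, so the self-signed backend certificate is not validated: the test
# covers SNI selection only, not upstream authentication.
#
# The heredoc is single-quoted so that ${server_port} and $ssl_server_name
# reach nginx literally instead of being interpolated by Perl.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
    %%TEST_GLOBALS_STREAM%%

    proxy_ssl on;
    proxy_ssl_session_reuse off;

    server {
        listen 127.0.0.1:8081;
        listen 127.0.0.1:8082;
        proxy_pass 127.0.0.1:8085;

        proxy_ssl_server_name on;
        proxy_ssl_name x${server_port}x;
    }

    server {
        ssl_certificate_key localhost.key;
        ssl_certificate localhost.crt;

        listen 127.0.0.1:8085 ssl;
        return $ssl_server_name;
    }
}

EOF

# Minimal "openssl req" configuration.  "encrypt_key = no" leaves the
# generated private key unencrypted on disk, which is acceptable only
# because it is a throwaway key written to the test directory.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

# Generate a self-signed certificate and key for the TLS backend.
#
# The command is a single string because the output redirection needs a
# shell.  $d and $name are interpolated unquoted, so the command is only
# well-formed while the test directory path contains no whitespace or shell
# metacharacters; $name is a fixed literal here.
foreach my $name ('localhost') {
    system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        # $! is only meaningful when system() could not run the command
        # ($? == -1); otherwise report the wait status, since the errno
        # value would be stale and misleading.
        or die "Can't create certificate for $name: "
            . ($? == -1 ? $! : "openssl failed, wait status $?") . "\n";
}

$t->run()->plan(2);

###############################################################################

# NOTE(review): port() comes from the test harness and presumably maps the
# port written in nginx.conf to the one actually used by this run -- confirm.
my ($p1, $p2) = (port(8081), port(8082));

# Each listener must produce an SNI name derived from its own port.
is(stream("127.0.0.1:$p1")->read(), "x${p1}x", 'name 1');
is(stream("127.0.0.1:$p2")->read(), "x${p2}x", 'name 2');

###############################################################################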