Mercurial > hg > nginx-tests

comparison ssl_client_escaped_cert.t @ 1209:0d9df274e3a3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: ssl_client_escaped_cert variable tests.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 22 Aug 2017 17:14:43 +0300
parents
children 97c8280de681
comparison
equal deleted inserted replaced
1208:a6453cf5786a 1209:0d9df274e3a3
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http ssl module, $ssl_client_escaped_cert variable.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19
20 ###############################################################################
21
22 select STDERR; $| = 1;
23 select STDOUT; $| = 1;
24
25 eval { require IO::Socket::SSL; };
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
28 plan(skip_all => 'IO::Socket::SSL too old') if $@;
29
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
31 ->has_daemon('openssl');
32
33 $t->write_file_expand('nginx.conf', <<'EOF');
34
35 %%TEST_GLOBALS%%
36
37 daemon off;
38
39 events {
40 }
41
42 http {
43 %%TEST_GLOBALS_HTTP%%
44
45 ssl_certificate_key localhost.key;
46 ssl_certificate localhost.crt;
47 ssl_verify_client optional_no_ca;
48
49 server {
50 listen 127.0.0.1:8443 ssl;
51 server_name localhost;
52
53 location /cert {
54 return 200 $ssl_client_raw_cert;
55 }
56 location /escaped {
57 return 200 $ssl_client_escaped_cert;
58 }
59 }
60 }
61
62 EOF
63
64 $t->write_file('openssl.conf', <<EOF);
65 [ req ]
66 default_bits = 1024
67 encrypt_key = no
68 distinguished_name = req_distinguished_name
69 [ req_distinguished_name ]
70 EOF
71
72 my $d = $t->testdir();
73
74 foreach my $name ('localhost') {
75 system('openssl req -x509 -new '
76 . "-config $d/openssl.conf -subj /CN=$name/ "
77 . "-out $d/$name.crt -keyout $d/$name.key "
78 . ">>$d/openssl.out 2>&1") == 0
79 or die "Can't create certificate for $name: $!\n";
80 }
81
82 $t->try_run('no ssl_client_escaped_cert')->plan(3);
83
84 ###############################################################################
85
86 my ($cert) = cert('/cert') =~ /\x0d\x0a?\x0d\x0a?(.*)/ms;
87 my ($escaped) = cert('/escaped') =~ /\x0d\x0a?\x0d\x0a?(.*)/ms;
88
89 ok($cert, 'ssl_client_raw_cert');
90 ok($escaped, 'ssl_client_escaped_cert');
91
92 $escaped =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
93 is($escaped, $cert, 'ssl_client_escaped_cert unescape match');
94
95 ###############################################################################
96
97 sub cert {
98 my ($uri) = @_;
99 my $s;
100
101 eval {
102 local $SIG{ALRM} = sub { die "timeout\n" };
103 local $SIG{PIPE} = sub { die "sigpipe\n" };
104 alarm(2);
105 $s = IO::Socket::SSL->new(
106 Proto => 'tcp',
107 PeerAddr => '127.0.0.1',
108 PeerPort => port(8443),
109 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
110 SSL_cert_file => "$d/localhost.crt",
111 SSL_key_file => "$d/localhost.key",
112 SSL_error_trap => sub { die $_[1] },
113 );
114 alarm(0);
115 };
116 alarm(0);
117
118 if ($@) {
119 log_in("died: $@");
120 return undef;
121 }
122
123 http_get($uri, socket => $s);
124 }
125
126 ###############################################################################