Mercurial > hg > nginx-tests
comparison ssl_client_escaped_cert.t @ 1209:0d9df274e3a3
Tests: ssl_client_escaped_cert variable tests.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 22 Aug 2017 17:14:43 +0300 |
parents | |
children | 97c8280de681 |
comparison
equal
deleted
inserted
replaced
1208:a6453cf5786a | 1209:0d9df274e3a3 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module, $ssl_client_escaped_cert variable. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
25 eval { require IO::Socket::SSL; }; | |
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | |
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | |
28 plan(skip_all => 'IO::Socket::SSL too old') if $@; | |
29 | |
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) | |
31 ->has_daemon('openssl'); | |
32 | |
33 $t->write_file_expand('nginx.conf', <<'EOF'); | |
34 | |
35 %%TEST_GLOBALS%% | |
36 | |
37 daemon off; | |
38 | |
39 events { | |
40 } | |
41 | |
42 http { | |
43 %%TEST_GLOBALS_HTTP%% | |
44 | |
45 ssl_certificate_key localhost.key; | |
46 ssl_certificate localhost.crt; | |
47 ssl_verify_client optional_no_ca; | |
48 | |
49 server { | |
50 listen 127.0.0.1:8443 ssl; | |
51 server_name localhost; | |
52 | |
53 location /cert { | |
54 return 200 $ssl_client_raw_cert; | |
55 } | |
56 location /escaped { | |
57 return 200 $ssl_client_escaped_cert; | |
58 } | |
59 } | |
60 } | |
61 | |
62 EOF | |
63 | |
64 $t->write_file('openssl.conf', <<EOF); | |
65 [ req ] | |
66 default_bits = 1024 | |
67 encrypt_key = no | |
68 distinguished_name = req_distinguished_name | |
69 [ req_distinguished_name ] | |
70 EOF | |
71 | |
72 my $d = $t->testdir(); | |
73 | |
74 foreach my $name ('localhost') { | |
75 system('openssl req -x509 -new ' | |
76 . "-config $d/openssl.conf -subj /CN=$name/ " | |
77 . "-out $d/$name.crt -keyout $d/$name.key " | |
78 . ">>$d/openssl.out 2>&1") == 0 | |
79 or die "Can't create certificate for $name: $!\n"; | |
80 } | |
81 | |
82 $t->try_run('no ssl_client_escaped_cert')->plan(3); | |
83 | |
84 ############################################################################### | |
85 | |
86 my ($cert) = cert('/cert') =~ /\x0d\x0a?\x0d\x0a?(.*)/ms; | |
87 my ($escaped) = cert('/escaped') =~ /\x0d\x0a?\x0d\x0a?(.*)/ms; | |
88 | |
89 ok($cert, 'ssl_client_raw_cert'); | |
90 ok($escaped, 'ssl_client_escaped_cert'); | |
91 | |
92 $escaped =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; | |
93 is($escaped, $cert, 'ssl_client_escaped_cert unescape match'); | |
94 | |
95 ############################################################################### | |
96 | |
97 sub cert { | |
98 my ($uri) = @_; | |
99 my $s; | |
100 | |
101 eval { | |
102 local $SIG{ALRM} = sub { die "timeout\n" }; | |
103 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
104 alarm(2); | |
105 $s = IO::Socket::SSL->new( | |
106 Proto => 'tcp', | |
107 PeerAddr => '127.0.0.1', | |
108 PeerPort => port(8443), | |
109 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
110 SSL_cert_file => "$d/localhost.crt", | |
111 SSL_key_file => "$d/localhost.key", | |
112 SSL_error_trap => sub { die $_[1] }, | |
113 ); | |
114 alarm(0); | |
115 }; | |
116 alarm(0); | |
117 | |
118 if ($@) { | |
119 log_in("died: $@"); | |
120 return undef; | |
121 } | |
122 | |
123 http_get($uri, socket => $s); | |
124 } | |
125 | |
126 ############################################################################### |