Mercurial > hg > nginx-tests
comparison lib/Test/Nginx.pm @ 1865:0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx http() functions.
This also ensures that SSL handshake and various read and write operations
are guarded with timeouts.
The ssl_sni_reneg.t test uses IO::Socket::SSL::_get_ssl_object() to access
the Net::SSLeay object directly and trigger renegotation. While
not exactly correct, this seems to be good enough for tests.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_stapling.t,
since SSL_ocsp_staple_callback is called with the socket instead of the
Net::SSLeay object.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_verify_client.t,
since there seems to be no way to obtain CA list with IO::Socket::SSL.
Notable change to http() request interface is that http_end() now closes
the socket. This is to make sure that SSL connections are properly
closed and SSL sessions are not removed from the IO::Socket::SSL session
cache. This affected access_log.t, which was modified accordingly.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 18 May 2023 18:07:17 +0300 |
| parents | 58951cf933e1 |
| children | 8b74936ff2ac |
comparison
equal
deleted
inserted
replaced
| 1864:46351d990aee | 1865:0e1865aa9b33 |
|---|---|
| 836 my ($request, %extra) = @_; | 836 my ($request, %extra) = @_; |
| 837 | 837 |
| 838 my $s = http_start($request, %extra); | 838 my $s = http_start($request, %extra); |
| 839 | 839 |
| 840 return $s if $extra{start} or !defined $s; | 840 return $s if $extra{start} or !defined $s; |
| 841 return http_end($s); | 841 return http_end($s, %extra); |
| 842 } | 842 } |
| 843 | 843 |
| 844 sub http_start($;%) { | 844 sub http_start($;%) { |
| 845 my ($request, %extra) = @_; | 845 my ($request, %extra) = @_; |
| 846 my $s; | 846 my $s; |
| 847 | |
| 848 my $port = $extra{SSL} ? 8443 : 8080; | |
| 847 | 849 |
| 848 eval { | 850 eval { |
| 849 local $SIG{ALRM} = sub { die "timeout\n" }; | 851 local $SIG{ALRM} = sub { die "timeout\n" }; |
| 850 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 852 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
| 851 alarm(8); | 853 alarm(8); |
| 852 | 854 |
| 853 $s = $extra{socket} || IO::Socket::INET->new( | 855 $s = $extra{socket} || IO::Socket::INET->new( |
| 854 Proto => 'tcp', | 856 Proto => 'tcp', |
| 855 PeerAddr => '127.0.0.1:' . port(8080) | 857 PeerAddr => '127.0.0.1:' . port($port), |
| 858 %extra | |
| 856 ) | 859 ) |
| 857 or die "Can't connect to nginx: $!\n"; | 860 or die "Can't connect to nginx: $!\n"; |
| 861 | |
| 862 if ($extra{SSL}) { | |
| 863 require IO::Socket::SSL; | |
| 864 IO::Socket::SSL->start_SSL( | |
| 865 $s, | |
| 866 SSL_verify_mode => | |
| 867 IO::Socket::SSL::SSL_VERIFY_NONE(), | |
| 868 %extra | |
| 869 ) | |
| 870 or die $IO::Socket::SSL::SSL_ERROR . "\n"; | |
| 871 | |
| 872 log_in("ssl cipher: " . $s->get_cipher()); | |
| 873 log_in("ssl cert: " . $s->peer_certificate('issuer')); | |
| 874 } | |
| 858 | 875 |
| 859 log_out($request); | 876 log_out($request); |
| 860 $s->print($request); | 877 $s->print($request); |
| 861 | 878 |
| 862 select undef, undef, undef, $extra{sleep} if $extra{sleep}; | 879 select undef, undef, undef, $extra{sleep} if $extra{sleep}; |
| 887 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 904 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
| 888 alarm(8); | 905 alarm(8); |
| 889 | 906 |
| 890 local $/; | 907 local $/; |
| 891 $reply = $s->getline(); | 908 $reply = $s->getline(); |
| 909 | |
| 910 $s->close(); | |
| 892 | 911 |
| 893 alarm(0); | 912 alarm(0); |
| 894 }; | 913 }; |
| 895 alarm(0); | 914 alarm(0); |
| 896 if ($@) { | 915 if ($@) { |