comparison lib/Test/Nginx.pm @ 1865:0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx http() functions.
This also ensures that SSL handshake and various read and write operations
are guarded with timeouts.
The ssl_sni_reneg.t test uses IO::Socket::SSL::_get_ssl_object() to access
the Net::SSLeay object directly and trigger renegotiation. While
not exactly correct, this seems to be good enough for tests.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_stapling.t,
since SSL_ocsp_staple_callback is called with the socket instead of the
Net::SSLeay object.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_verify_client.t,
since there seems to be no way to obtain CA list with IO::Socket::SSL.
Notable change to http() request interface is that http_end() now closes
the socket. This is to make sure that SSL connections are properly
closed and SSL sessions are not removed from the IO::Socket::SSL session
cache. This affected access_log.t, which was modified accordingly.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:17 +0300 |
parents | 58951cf933e1 |
children | 8b74936ff2ac |
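--- a/lib/Test/Nginx.pm
+++ b/lib/Test/Nginx.pm
@@ -836,27 +836,44 @@
 my ($request, %extra) = @_;
 
 my $s = http_start($request, %extra);
 
 return $s if $extra{start} or !defined $s;
-return http_end($s);
+return http_end($s, %extra);
 }
 
 sub http_start($;%) {
 my ($request, %extra) = @_;
 my $s;
+
+my $port = $extra{SSL} ? 8443 : 8080;
 
 eval {
 local $SIG{ALRM} = sub { die "timeout\n" };
 local $SIG{PIPE} = sub { die "sigpipe\n" };
 alarm(8);
 
 $s = $extra{socket} || IO::Socket::INET->new(
 Proto => 'tcp',
-PeerAddr => '127.0.0.1:' . port(8080)
+PeerAddr => '127.0.0.1:' . port($port),
+%extra
 )
 or die "Can't connect to nginx: $!\n";
+
+if ($extra{SSL}) {
+require IO::Socket::SSL;
+IO::Socket::SSL->start_SSL(
+$s,
+SSL_verify_mode =>
+IO::Socket::SSL::SSL_VERIFY_NONE(),
+%extra
+)
+or die $IO::Socket::SSL::SSL_ERROR . "\n";
+
+log_in("ssl cipher: " . $s->get_cipher());
+log_in("ssl cert: " . $s->peer_certificate('issuer'));
+}
 
 log_out($request);
 $s->print($request);
 
 select undef, undef, undef, $extra{sleep} if $extra{sleep};
@@ -887,10 +904,12 @@
 local $SIG{PIPE} = sub { die "sigpipe\n" };
 alarm(8);
 
 local $/;
 $reply = $s->getline();
+
+$s->close();
 
 alarm(0);
 };
 alarm(0);
 if ($@) {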
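Review bot: The `start_SSL` call added to `http_start` defaults to `SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE()` with no comment saying this is deliberate, so the peer certificate is accepted unchecked unless a test passes its own `SSL_verify_mode`. I would add a comment above the call such as `# Verification is off by default: the peer is the nginx under test on 127.0.0.1; tests that check certificates pass SSL_verify_mode in %extra.` The same comment should say that `%extra` is spread after the defaults in both `IO::Socket::INET->new` and `start_SSL`, so caller keys replace `Proto`, `PeerAddr` and the verify mode, and harness keys such as `start`, `sleep` and `socket` are forwarded to both calls. The body of `http_start` continues past the shown lines.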