comparison ssl_certificates.t @ 930:183a6b1f3fa5

Tests: http ssl tests with multiple certificates (ticket #814).
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 19 May 2016 19:03:51 +0300
parents
children e9064d691790
929:15abee29016e 930:183a6b1f3fa5
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http ssl module with multiple certificates.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19
20 ###############################################################################
21
22 select STDERR; $| = 1;
23 select STDOUT; $| = 1;
24
25 eval { require IO::Socket::SSL; };
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
28 plan(skip_all => 'IO::Socket::SSL too old') if $@;
29
30 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl');
31
32 $t->write_file_expand('nginx.conf', <<'EOF');
33
34 %%TEST_GLOBALS%%
35
36 daemon off;
37
38 events {
39 }
40
41 http {
42 %%TEST_GLOBALS_HTTP%%
43
44 ssl_dhparam dhparam.pem;
45
46 ssl_certificate_key rsa.key;
47 ssl_certificate rsa.crt;
48
49 server {
50 listen 127.0.0.1:8443 ssl;
51 server_name localhost;
52
53 ssl_certificate_key dsa.key;
54 ssl_certificate dsa.crt;
55
56 ssl_certificate_key rsa.key;
57 ssl_certificate rsa.crt;
58
59 ssl_certificate_key rsa.key;
60 ssl_certificate rsa.crt;
61 }
62 }
63
64 EOF
65
66 $t->write_file('openssl.conf', <<EOF);
67 [ req ]
68 default_bits = 2048
69 encrypt_key = no
70 distinguished_name = req_distinguished_name
71 [ req_distinguished_name ]
72 EOF
73
74 my $d = $t->testdir();
75
76 system("openssl dhparam -dsaparam 1024 -out '$d/dhparam.pem' "
77 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create DH param: $!\n";
78 system("openssl genrsa -out '$d/rsa.key' >>$d/openssl.out 2>&1") == 0
79 or die "Can't create RSA pem: $!\n";
80 system("openssl dsaparam -genkey 1024 -out '$d/dsa.key' >>$d/openssl 2>&1") == 0
81 or die "Can't create DSA pem: $!\n";
82
83 foreach my $name ('dsa', 'rsa') {
84 system("openssl req -x509 -new -key '$d/$name.key' "
85 . "-config '$d/openssl.conf' -subj '/CN=$name/' "
86 . "-out '$d/$name.crt' -keyout '$d/$name.key' "
87 . ">>$d/openssl.out 2>&1") == 0
88 or die "Can't create certificate for $name: $!\n";
89 }
90
91 $t->try_run('no multiple certificates')->plan(2);
92
93 ###############################################################################
94
95 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA');
96 like(get_cert('DSS'), qr/CN=dsa/, 'ssl cert DSA');
97
98 ###############################################################################
99
100 sub get_cert {
101 my ($ciphers) = @_;
102 my $s;
103
104 eval {
105 local $SIG{ALRM} = sub { die "timeout\n" };
106 local $SIG{PIPE} = sub { die "sigpipe\n" };
107 alarm(2);
108 $s = IO::Socket::SSL->new(
109 Proto => 'tcp',
110 PeerAddr => '127.0.0.1',
111 PeerPort => '8443',
112 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
113 SSL_cipher_list => $ciphers,
114 SSL_error_trap => sub { die $_[1] }
115 );
116 alarm(0);
117 };
118 alarm(0);
119
120 if ($@) {
121 log_in("died: $@");
122 return undef;
123 }
124
125 my $cipher = $s->get_cipher();
126
127 Test::Nginx::log_core('||', "cipher: $cipher");
128
129 return $s->dump_peer_certificate;
130 }
131
132 ###############################################################################
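Review bot: In get_cert (file lines 100-130), `$s->get_cipher()` is reached whenever the eval did not die, but IO::Socket::SSL->new() returns undef on a plain TCP connect failure, which as far as I can tell does not go through SSL_error_trap, so the script would abort with a method call on an undefined value instead of reporting a failed test. Widening the guard to `if ($@ || !$s) {` keeps that case on the existing log-and-return-undef path. Separately, the DSA key generation on file line 80 redirects to `>>$d/openssl 2>&1` while the other three openssl commands append to `$d/openssl.out`, so its diagnostics end up in a different file; it should read `>>$d/openssl.out 2>&1`. The `die` messages after `system(...) == 0` print `$!`, which is only meaningful when system() returns -1, so reporting `$?` as well would make a failed openssl run easier to diagnose.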