Mercurial > hg > nginx-tests
comparison ssl_certificates.t @ 930:183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 19 May 2016 19:03:51 +0300 |
parents | |
children | e9064d691790 |
comparison
equal
deleted
inserted
replaced
929:15abee29016e | 930:183a6b1f3fa5 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module with multiple certificates. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
25 eval { require IO::Socket::SSL; }; | |
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | |
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | |
28 plan(skip_all => 'IO::Socket::SSL too old') if $@; | |
29 | |
30 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl'); | |
31 | |
32 $t->write_file_expand('nginx.conf', <<'EOF'); | |
33 | |
34 %%TEST_GLOBALS%% | |
35 | |
36 daemon off; | |
37 | |
38 events { | |
39 } | |
40 | |
41 http { | |
42 %%TEST_GLOBALS_HTTP%% | |
43 | |
44 ssl_dhparam dhparam.pem; | |
45 | |
46 ssl_certificate_key rsa.key; | |
47 ssl_certificate rsa.crt; | |
48 | |
49 server { | |
50 listen 127.0.0.1:8443 ssl; | |
51 server_name localhost; | |
52 | |
53 ssl_certificate_key dsa.key; | |
54 ssl_certificate dsa.crt; | |
55 | |
56 ssl_certificate_key rsa.key; | |
57 ssl_certificate rsa.crt; | |
58 | |
59 ssl_certificate_key rsa.key; | |
60 ssl_certificate rsa.crt; | |
61 } | |
62 } | |
63 | |
64 EOF | |
65 | |
66 $t->write_file('openssl.conf', <<EOF); | |
67 [ req ] | |
68 default_bits = 2048 | |
69 encrypt_key = no | |
70 distinguished_name = req_distinguished_name | |
71 [ req_distinguished_name ] | |
72 EOF | |
73 | |
74 my $d = $t->testdir(); | |
75 | |
76 system("openssl dhparam -dsaparam 1024 -out '$d/dhparam.pem' " | |
77 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create DH param: $!\n"; | |
78 system("openssl genrsa -out '$d/rsa.key' >>$d/openssl.out 2>&1") == 0 | |
79 or die "Can't create RSA pem: $!\n"; | |
80 system("openssl dsaparam -genkey 1024 -out '$d/dsa.key' >>$d/openssl 2>&1") == 0 | |
81 or die "Can't create DSA pem: $!\n"; | |
82 | |
83 foreach my $name ('dsa', 'rsa') { | |
84 system("openssl req -x509 -new -key '$d/$name.key' " | |
85 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | |
86 . "-out '$d/$name.crt' -keyout '$d/$name.key' " | |
87 . ">>$d/openssl.out 2>&1") == 0 | |
88 or die "Can't create certificate for $name: $!\n"; | |
89 } | |
90 | |
91 $t->try_run('no multiple certificates')->plan(2); | |
92 | |
93 ############################################################################### | |
94 | |
95 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); | |
96 like(get_cert('DSS'), qr/CN=dsa/, 'ssl cert DSA'); | |
97 | |
98 ############################################################################### | |
99 | |
100 sub get_cert { | |
101 my ($ciphers) = @_; | |
102 my $s; | |
103 | |
104 eval { | |
105 local $SIG{ALRM} = sub { die "timeout\n" }; | |
106 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
107 alarm(2); | |
108 $s = IO::Socket::SSL->new( | |
109 Proto => 'tcp', | |
110 PeerAddr => '127.0.0.1', | |
111 PeerPort => '8443', | |
112 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
113 SSL_cipher_list => $ciphers, | |
114 SSL_error_trap => sub { die $_[1] } | |
115 ); | |
116 alarm(0); | |
117 }; | |
118 alarm(0); | |
119 | |
120 if ($@) { | |
121 log_in("died: $@"); | |
122 return undef; | |
123 } | |
124 | |
125 my $cipher = $s->get_cipher(); | |
126 | |
127 Test::Nginx::log_core('||', "cipher: $cipher"); | |
128 | |
129 return $s->dump_peer_certificate; | |
130 } | |
131 | |
132 ############################################################################### |