Mercurial > hg > nginx-tests
comparison ssl_curve.t @ 1749:34fc85598287
Tests: $ssl_curve.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 24 Nov 2021 19:28:03 +0300 |
| parents | |
| children | cdcd75657e52 |
comparison
equal
deleted
inserted
replaced
| 1748:b27bcded6449 | 1749:34fc85598287 |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Sergey Kandaurov | |
| 4 # (C) Nginx, Inc. | |
| 5 | |
| 6 # Tests for http ssl module, $ssl_curve variable. | |
| 7 | |
| 8 ############################################################################### | |
| 9 | |
| 10 use warnings; | |
| 11 use strict; | |
| 12 | |
| 13 use Test::More; | |
| 14 | |
| 15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 16 | |
| 17 use lib 'lib'; | |
| 18 use Test::Nginx; | |
| 19 | |
| 20 ############################################################################### | |
| 21 | |
| 22 select STDERR; $| = 1; | |
| 23 select STDOUT; $| = 1; | |
| 24 | |
| 25 eval { require IO::Socket::SSL; }; | |
| 26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | |
| 27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | |
| 28 plan(skip_all => 'IO::Socket::SSL too old') if $@; | |
| 29 | |
| 30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) | |
| 31 ->has_daemon('openssl'); | |
| 32 | |
| 33 $t->{_configure_args} =~ /OpenSSL (\d+)/; | |
| 34 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 >= 3; | |
| 35 | |
| 36 $t->write_file_expand('nginx.conf', <<'EOF'); | |
| 37 | |
| 38 %%TEST_GLOBALS%% | |
| 39 | |
| 40 daemon off; | |
| 41 | |
| 42 events { | |
| 43 } | |
| 44 | |
| 45 http { | |
| 46 %%TEST_GLOBALS_HTTP%% | |
| 47 | |
| 48 ssl_certificate_key localhost.key; | |
| 49 ssl_certificate localhost.crt; | |
| 50 | |
| 51 ssl_ecdh_curve prime256v1; | |
| 52 | |
| 53 server { | |
| 54 listen 127.0.0.1:8443 ssl; | |
| 55 server_name localhost; | |
| 56 | |
| 57 return 200 "$ssl_curve $ssl_curves"; | |
| 58 } | |
| 59 } | |
| 60 | |
| 61 EOF | |
| 62 | |
| 63 $t->write_file('openssl.conf', <<EOF); | |
| 64 [ req ] | |
| 65 default_bits = 2048 | |
| 66 encrypt_key = no | |
| 67 distinguished_name = req_distinguished_name | |
| 68 [ req_distinguished_name ] | |
| 69 EOF | |
| 70 | |
| 71 my $d = $t->testdir(); | |
| 72 | |
| 73 foreach my $name ('localhost') { | |
| 74 system('openssl req -x509 -new ' | |
| 75 . "-config $d/openssl.conf -subj /CN=$name/ " | |
| 76 . "-out $d/$name.crt -keyout $d/$name.key " | |
| 77 . ">>$d/openssl.out 2>&1") == 0 | |
| 78 or die "Can't create certificate for $name: $!\n"; | |
| 79 } | |
| 80 | |
| 81 $t->try_run('no $ssl_curve')->plan(1); | |
| 82 | |
| 83 ############################################################################### | |
| 84 | |
| 85 like(get('/curve'), qr/^prime256v1 /m, 'ssl curve'); | |
| 86 | |
| 87 ############################################################################### | |
| 88 | |
| 89 sub get { | |
| 90 my ($uri, $port, $ctx) = @_; | |
| 91 my $s = get_ssl_socket($port) or return; | |
| 92 my $r = http_get($uri, socket => $s); | |
| 93 $s->close(); | |
| 94 return $r; | |
| 95 } | |
| 96 | |
| 97 sub get_ssl_socket { | |
| 98 my ($port, $ctx) = @_; | |
| 99 my $s; | |
| 100 | |
| 101 eval { | |
| 102 local $SIG{ALRM} = sub { die "timeout\n" }; | |
| 103 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
| 104 alarm(8); | |
| 105 $s = IO::Socket::SSL->new( | |
| 106 Proto => 'tcp', | |
| 107 PeerAddr => '127.0.0.1', | |
| 108 PeerPort => port(8443), | |
| 109 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
| 110 SSL_error_trap => sub { die $_[1] }, | |
| 111 ); | |
| 112 alarm(0); | |
| 113 }; | |
| 114 alarm(0); | |
| 115 | |
| 116 if ($@) { | |
| 117 log_in("died: $@"); | |
| 118 return undef; | |
| 119 } | |
| 120 | |
| 121 return $s; | |
| 122 } | |
| 123 | |
| 124 ############################################################################### |