Mercurial > hg > nginx-tests
comparison proxy_ssl_name.t @ 393:3c9aeeb09ac8
Tests: proxy_ssl_name and proxy_ssl_verify tests.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 18 Apr 2014 18:42:33 +0400 |
parents | |
children | 907e89fba9c3 |
comparison
equal
deleted
inserted
replaced
392:c28ecaef065f | 393:3c9aeeb09ac8 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Maxim Dounin | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for proxy to ssl backend, use of Server Name Indication | |
7 # (proxy_ssl_name, proxy_ssl_server_name directives). | |
8 | |
9 ############################################################################### | |
10 | |
11 use warnings; | |
12 use strict; | |
13 | |
14 use Test::More; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/http http_ssl sni proxy/) | |
27 ->has_daemon('openssl') | |
28 ->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 http { | |
38 %%TEST_GLOBALS_HTTP%% | |
39 | |
40 upstream backend { | |
41 server 127.0.0.1:8081; | |
42 } | |
43 | |
44 upstream backend2 { | |
45 server 127.0.0.1:8081; | |
46 } | |
47 | |
48 server { | |
49 listen 127.0.0.1:8080; | |
50 server_name localhost; | |
51 | |
52 # session reuse is off, as sessions are cached | |
53 # for a particular upstream, and resumed session | |
54 # will use server name previously negotiated | |
55 | |
56 proxy_ssl_session_reuse off; | |
57 | |
58 location /1 { | |
59 proxy_pass https://127.0.0.1:8081/; | |
60 proxy_ssl_name 1.example.com; | |
61 proxy_ssl_server_name on; | |
62 } | |
63 | |
64 location /2 { | |
65 proxy_pass https://127.0.0.1:8081/; | |
66 proxy_ssl_name 2.example.com; | |
67 proxy_ssl_server_name on; | |
68 | |
69 } | |
70 | |
71 location /off { | |
72 proxy_pass https://backend/; | |
73 proxy_ssl_server_name off; | |
74 } | |
75 | |
76 location /default { | |
77 proxy_pass https://backend/; | |
78 proxy_ssl_server_name on; | |
79 } | |
80 | |
81 location /default2 { | |
82 proxy_pass https://backend2/; | |
83 proxy_ssl_server_name on; | |
84 } | |
85 | |
86 location /port { | |
87 proxy_pass https://backend/; | |
88 proxy_ssl_server_name on; | |
89 proxy_ssl_name backend:123; | |
90 } | |
91 | |
92 location /ip { | |
93 proxy_pass https://127.0.0.1:8081/; | |
94 proxy_ssl_server_name on; | |
95 } | |
96 | |
97 #location /ip6 { | |
98 # proxy_pass https://[::1]:8081/; | |
99 # proxy_ssl_server_name on; | |
100 #} | |
101 } | |
102 | |
103 server { | |
104 listen 127.0.0.1:8081 ssl; | |
105 #listen [::1]:8081 ssl; | |
106 server_name 1.example.com; | |
107 | |
108 ssl_certificate localhost.crt; | |
109 ssl_certificate_key localhost.key; | |
110 | |
111 add_header X-Name $ssl_server_name,; | |
112 } | |
113 } | |
114 | |
115 EOF | |
116 | |
117 $t->write_file('openssl.conf', <<EOF); | |
118 [ req ] | |
119 default_bits = 1024 | |
120 encrypt_key = no | |
121 distinguished_name = req_distinguished_name | |
122 [ req_distinguished_name ] | |
123 EOF | |
124 | |
125 my $d = $t->testdir(); | |
126 | |
127 foreach my $name ('localhost') { | |
128 system('openssl req -x509 -new ' | |
129 . "-config '$d/openssl.conf' -subj '/commonName=$name/' " | |
130 . "-out '$d/$name.crt' -keyout '$d/$name.key' " | |
131 . ">>$d/openssl.out 2>&1") == 0 | |
132 or die "Can't create certificate for $name: $!\n"; | |
133 } | |
134 | |
135 $t->write_file('index.html', ''); | |
136 | |
137 $t->try_run('no proxy_ssl_name')->plan(8); | |
138 | |
139 ############################################################################### | |
140 | |
141 like(http_get('/1'), qr/200 OK.*X-Name: 1.example.com,/ms, 'name 1'); | |
142 like(http_get('/2'), qr/200 OK.*X-Name: 2.example.com,/ms, 'name 2'); | |
143 like(http_get('/off'), qr/200 OK.*X-Name: ,/ms, 'no name'); | |
144 | |
145 like(http_get('/default'), qr/200 OK.*X-Name: backend,/ms, 'default'); | |
146 like(http_get('/default2'), qr/200 OK.*X-Name: backend2,/ms, 'default2'); | |
147 like(http_get('/default'), qr/200 OK.*X-Name: backend,/ms, 'default again'); | |
148 | |
149 like(http_get('/port'), qr/200 OK.*X-Name: backend,/ms, 'no port in name'); | |
150 like(http_get('/ip'), qr/200 OK.*X-Name: ,/ms, 'no ip'); | |
151 #like(http_get('/ip6'), qr/200 OK.*X-Name: ,/ms, 'no ipv6'); | |
152 | |
153 ############################################################################### |