Mercurial > hg > nginx-tests
comparison ssl_verify_depth.t @ 1117:3e2af4dedd9c
Tests: ssl_verify_depth.t cleanup.
Run only basic tests that don't depend on OpenSSL error codes or version.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 23 Jan 2017 17:29:35 +0300 |
parents | 54e07593713a |
children | 5b22e2014f76 |
comparison
equal
deleted
inserted
replaced
1116:8ef51dbb5d69 | 1117:3e2af4dedd9c |
---|---|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | 26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | 27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
28 plan(skip_all => 'IO::Socket::SSL too old') if $@; | 28 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
29 | 29 |
30 my $t = Test::Nginx->new()->has(qw/http http_ssl/) | 30 my $t = Test::Nginx->new()->has(qw/http http_ssl/) |
31 ->has_daemon('openssl')->plan(7); | 31 ->has_daemon('openssl')->plan(2); |
32 | 32 |
33 $t->write_file_expand('nginx.conf', <<'EOF'); | 33 $t->write_file_expand('nginx.conf', <<'EOF'); |
34 | 34 |
35 %%TEST_GLOBALS%% | 35 %%TEST_GLOBALS%% |
36 | 36 |
43 %%TEST_GLOBALS_HTTP%% | 43 %%TEST_GLOBALS_HTTP%% |
44 | 44 |
45 ssl_certificate_key localhost.key; | 45 ssl_certificate_key localhost.key; |
46 ssl_certificate localhost.crt; | 46 ssl_certificate localhost.crt; |
47 | 47 |
48 ssl_verify_client optional_no_ca; | 48 ssl_verify_client on; |
49 ssl_client_certificate int-root.crt; | 49 ssl_client_certificate int-root.crt; |
50 | 50 |
51 add_header X-Verify $ssl_client_verify; | 51 add_header X-Verify $ssl_client_verify; |
52 | 52 |
53 server { | 53 server { |
54 listen 127.0.0.1:8080 ssl; | 54 listen 127.0.0.1:8080 ssl; |
55 server_name localhost; | 55 server_name localhost; |
56 ssl_verify_depth 0; | 56 ssl_verify_depth 0; |
57 } | |
58 | |
59 server { | |
60 listen 127.0.0.1:8081 ssl; | |
61 server_name localhost; | |
62 ssl_verify_depth 1; | |
63 } | |
64 | |
65 server { | |
66 listen 127.0.0.1:8082 ssl; | |
67 server_name localhost; | |
68 ssl_verify_depth 2; | |
69 } | 57 } |
70 } | 58 } |
71 | 59 |
72 EOF | 60 EOF |
73 | 61 |
138 $t->write_file('t', ''); | 126 $t->write_file('t', ''); |
139 $t->run(); | 127 $t->run(); |
140 | 128 |
141 ############################################################################### | 129 ############################################################################### |
142 | 130 |
143 like(get(8080, 'end'), qr/FAILED/, 'verify depth 2 max 0'); | 131 like(get(8080, 'root'), qr/SUCCESS/, 'verify depth'); |
144 | 132 like(get(8080, 'end'), qr/400 Bad Request/, 'verify depth limited'); |
145 TODO: { | |
146 local $TODO = 'not yet'; | |
147 | |
148 like(get(8081, 'end'), qr/FAILED/, 'verify depth 2 max 1'); | |
149 | |
150 } | |
151 | |
152 like(get(8082, 'end'), qr/SUCCESS/, 'verify depth 2 max 2'); | |
153 | |
154 like(get(8080, 'int'), qr/FAILED/, 'verify depth 1 max 0'); | |
155 like(get(8081, 'int'), qr/SUCCESS/, 'verify depth 1 max 1'); | |
156 like(get(8082, 'int'), qr/SUCCESS/, 'verify depth 1 max 2'); | |
157 | |
158 like(get(8080, 'root'), qr/SUCCESS/, 'verify depth 0 max 0'); | |
159 | 133 |
160 ############################################################################### | 134 ############################################################################### |
161 | 135 |
162 sub get { | 136 sub get { |
163 my ($port, $cert) = @_; | 137 my ($port, $cert) = @_; |