Mercurial > hg > nginx-tests
comparison proxy_ssl_conf_command.t @ 1697:5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 02 Jun 2021 15:51:29 +0300 |
| parents | 4baeba0e0da2 |
| children | 58951cf933e1 |
comparison
equal
deleted
inserted
replaced
| 1696:4baeba0e0da2 | 1697:5386f4328b90 |
|---|---|
| 1 #!/usr/bin/perl | 1 #!/usr/bin/perl |
| 2 | 2 |
| 3 # (C) Sergey Kandaurov | 3 # (C) Sergey Kandaurov |
| 4 # (C) Nginx, Inc. | 4 # (C) Nginx, Inc. |
| 5 | 5 |
| 6 # Tests for http proxy to ssl backend, proxy_ssl_conf_command. | 6 # Tests for proxy_ssl_conf_command and friends. |
| 7 | 7 |
| 8 ############################################################################### | 8 ############################################################################### |
| 9 | 9 |
| 10 use warnings; | 10 use warnings; |
| 11 use strict; | 11 use strict; |
| 20 ############################################################################### | 20 ############################################################################### |
| 21 | 21 |
| 22 select STDERR; $| = 1; | 22 select STDERR; $| = 1; |
| 23 select STDOUT; $| = 1; | 23 select STDOUT; $| = 1; |
| 24 | 24 |
| 25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) | 25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy uwsgi http_v2 grpc/) |
| 26 ->has_daemon('openssl'); | 26 ->has_daemon('openssl'); |
| 27 | 27 |
| 28 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; | 28 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
| 29 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; | 29 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; |
| 30 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); | 30 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
| 43 | 43 |
| 44 server { | 44 server { |
| 45 listen 127.0.0.1:8080; | 45 listen 127.0.0.1:8080; |
| 46 server_name localhost; | 46 server_name localhost; |
| 47 | 47 |
| 48 proxy_ssl_certificate localhost.crt; | 48 location / { |
| 49 proxy_ssl_certificate_key localhost.key; | 49 proxy_ssl_certificate localhost.crt; |
| 50 proxy_ssl_conf_command Certificate override.crt; | 50 proxy_ssl_certificate_key localhost.key; |
| 51 proxy_ssl_conf_command PrivateKey override.key; | 51 proxy_ssl_conf_command Certificate override.crt; |
| 52 proxy_ssl_conf_command PrivateKey override.key; | |
| 53 proxy_pass https://127.0.0.1:8081; | |
| 54 } | |
| 52 | 55 |
| 53 location / { | 56 location /uwsgi { |
| 54 proxy_pass https://127.0.0.1:8081/; | 57 uwsgi_ssl_certificate localhost.crt; |
| 58 uwsgi_ssl_certificate_key localhost.key; | |
| 59 uwsgi_ssl_conf_command Certificate override.crt; | |
| 60 uwsgi_ssl_conf_command PrivateKey override.key; | |
| 61 uwsgi_ssl_session_reuse off; | |
| 62 uwsgi_pass suwsgi://127.0.0.1:8081; | |
| 63 } | |
| 64 | |
| 65 location /grpc { | |
| 66 grpc_ssl_certificate localhost.crt; | |
| 67 grpc_ssl_certificate_key localhost.key; | |
| 68 grpc_ssl_conf_command Certificate override.crt; | |
| 69 grpc_ssl_conf_command PrivateKey override.key; | |
| 70 grpc_pass grpcs://127.0.0.1:8082; | |
| 55 } | 71 } |
| 56 } | 72 } |
| 57 | 73 |
| 58 server { | 74 server { |
| 59 listen 127.0.0.1:8081 ssl; | 75 listen 127.0.0.1:8081 ssl; |
| 76 listen 127.0.0.1:8082 ssl http2; | |
| 60 server_name localhost; | 77 server_name localhost; |
| 61 | 78 |
| 62 ssl_certificate localhost.crt; | 79 ssl_certificate localhost.crt; |
| 63 ssl_certificate_key localhost.key; | 80 ssl_certificate_key localhost.key; |
| 64 ssl_verify_client optional_no_ca; | 81 ssl_verify_client optional_no_ca; |
| 65 | 82 |
| 66 location / { | 83 # stub to implement SSL logic for tests |
| 67 add_header X-Cert $ssl_client_s_dn; | 84 |
| 68 } | 85 add_header X-Cert $ssl_client_s_dn always; |
| 69 } | 86 } |
| 70 } | 87 } |
| 71 | 88 |
| 72 EOF | 89 EOF |
| 73 | 90 |
| 88 . ">>$d/openssl.out 2>&1") == 0 | 105 . ">>$d/openssl.out 2>&1") == 0 |
| 89 or die "Can't create certificate for $name: $!\n"; | 106 or die "Can't create certificate for $name: $!\n"; |
| 90 } | 107 } |
| 91 | 108 |
| 92 $t->write_file('index.html', ''); | 109 $t->write_file('index.html', ''); |
| 93 $t->run()->plan(1); | 110 $t->run()->plan(3); |
| 94 | 111 |
| 95 ############################################################################### | 112 ############################################################################### |
| 96 | 113 |
| 97 like(http_get('/'), qr/CN=override/, 'Certificate'); | 114 like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command'); |
| 115 like(http_get('/uwsgi'), qr/CN=override/, 'uwsgi_ssl_conf_command'); | |
| 116 like(http_get('/grpc'), qr/CN=override/, 'grpc_ssl_conf_command'); | |
| 98 | 117 |
| 99 ############################################################################### | 118 ############################################################################### |