comparison ssl_sni_reneg.t @ 807:5540ee8a12ce

Tests: https sni tests with renegotiation (ticket #845).
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 16 Dec 2015 15:27:49 +0300
parents
children e9064d691790
806:ffdd33c64193 807:5540ee8a12ce
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http ssl module with SNI and renegotiation.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 use Socket qw/ :DEFAULT CRLF /;
16
17 BEGIN { use FindBin; chdir($FindBin::Bin); }
18
19 use lib 'lib';
20 use Test::Nginx;
21
22 ###############################################################################
23
24 select STDERR; $| = 1;
25 select STDOUT; $| = 1;
26
27 eval {
28 require Net::SSLeay;
29 Net::SSLeay::load_error_strings();
30 Net::SSLeay::SSLeay_add_ssl_algorithms();
31 Net::SSLeay::randomize();
32 };
33 plan(skip_all => 'Net::SSLeay not installed') if $@;
34
35 eval {
36 my $ctx = Net::SSLeay::CTX_new() or die;
37 my $ssl = Net::SSLeay::new($ctx) or die;
38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
39 };
40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
41
42 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl')
43 ->plan(4);
44
45 $t->write_file_expand('nginx.conf', <<'EOF');
46
47 %%TEST_GLOBALS%%
48
49 daemon off;
50
51 events {
52 }
53
54 http {
55 %%TEST_GLOBALS_HTTP%%
56
57 ssl_certificate_key localhost.key;
58 ssl_certificate localhost.crt;
59
60 server {
61 listen 127.0.0.1:8443 ssl;
62 server_name localhost;
63
64 location / { }
65 }
66 }
67
68 EOF
69
70 $t->write_file('openssl.conf', <<EOF);
71 [ req ]
72 default_bits = 2048
73 encrypt_key = no
74 distinguished_name = req_distinguished_name
75 [ req_distinguished_name ]
76 EOF
77
78 my $d = $t->testdir();
79
80 foreach my $name ('localhost') {
81 system('openssl req -x509 -new '
82 . "-config '$d/openssl.conf' -subj '/CN=$name/' "
83 . "-out '$d/$name.crt' -keyout '$d/$name.key' "
84 . ">>$d/openssl.out 2>&1") == 0
85 or die "Can't create certificate for $name: $!\n";
86 }
87
88 $t->run();
89
90 ###############################################################################
91
92 my ($s, $ssl) = get_ssl_socket();
93 ok($s, 'connection');
94
95 SKIP: {
96 skip 'connection failed', 3 unless $s;
97
98 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF);
99
100 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation');
101 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI');
102
103 SKIP: {
104 skip 'leaves coredump', 1 unless $t->has_version('1.9.8')
105 or $ENV{TEST_NGINX_UNSAFE};
106
107 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF);
108
109 is(Net::SSLeay::read($ssl), undef, 'response');
110
111 }
112
113 }
114
115 ###############################################################################
116
117 sub get_ssl_socket {
118 my $s;
119
120 my $dest_ip = inet_aton('127.0.0.1');
121 my $dest_serv_params = sockaddr_in(8443, $dest_ip);
122
123 eval {
124 local $SIG{ALRM} = sub { die "timeout\n" };
125 local $SIG{PIPE} = sub { die "sigpipe\n" };
126 alarm(2);
127 socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
128 connect($s, $dest_serv_params) or die "connect: $!";
129 alarm(0);
130 };
131 alarm(0);
132
133 if ($@) {
134 log_in("died: $@");
135 return undef;
136 }
137
138 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
139 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
140 Net::SSLeay::set_fd( $ssl, fileno($s));
141 Net::SSLeay::connect($ssl) or die("ssl connect");
142
143 return ($s, $ssl);
144 }
145
146 ###############################################################################
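Review bot: In get_ssl_socket, `Net::SSLeay::connect($ssl) or die("ssl connect")` only catches a return of 0; SSL_connect reports a fatal handshake error as a negative value, which is true in Perl, so a failed handshake would be handed back to the caller as a working connection. Comparing explicitly, as the SNI probe near the top of the file already does, closes that gap: `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");`. The handshake and the later `Net::SSLeay::read` also run outside the `alarm(2)` guard, which covers only the TCP connect, so a stalled server would hang the test instead of failing it. Separately, `is(Net::SSLeay::read($ssl), undef, 'response')` is satisfied by a clean close as well as by a worker crash, so detection of the ticket #845 crash appears to rest on the harness noticing the core dump or a log alert; a short comment above that assertion saying so would help the next reader.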