Mercurial > hg > nginx-tests

comparison proxy_ssl_certificate_vars.t @ 1674:55816c5fc861

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: variables support in certificates to upstream.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 06 May 2021 13:52:37 +0300
parents
children 2a0a6035a1af
comparison
equal deleted inserted replaced
1673:7d40f2557a45 1674:55816c5fc861
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http proxy module with variables in ssl certificates.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19
20 ###############################################################################
21
22 select STDERR; $| = 1;
23 select STDOUT; $| = 1;
24
25 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
26 ->has_daemon('openssl');
27
28 $t->write_file_expand('nginx.conf', <<'EOF');
29
30 %%TEST_GLOBALS%%
31
32 daemon off;
33
34 events {
35 }
36
37 http {
38 %%TEST_GLOBALS_HTTP%%
39
40 server {
41 listen 127.0.0.1:8080;
42 server_name localhost;
43
44 proxy_ssl_session_reuse off;
45
46 location / {
47 proxy_pass https://127.0.0.1:8081/;
48 proxy_ssl_certificate $arg_cert.example.com.crt;
49 proxy_ssl_certificate_key $arg_cert.example.com.key;
50 }
51
52 location /encrypted {
53 proxy_pass https://127.0.0.1:8082/;
54 proxy_ssl_certificate $arg_cert.example.com.crt;
55 proxy_ssl_certificate_key $arg_cert.example.com.key;
56 proxy_ssl_password_file password;
57 }
58
59 location /none {
60 proxy_pass https://127.0.0.1:8082/;
61 proxy_ssl_certificate $arg_cert;
62 proxy_ssl_certificate_key $arg_cert;
63 }
64 }
65
66 server {
67 listen 127.0.0.1:8081 ssl;
68 server_name localhost;
69
70 ssl_certificate 2.example.com.crt;
71 ssl_certificate_key 2.example.com.key;
72
73 ssl_verify_client optional_no_ca;
74 ssl_trusted_certificate 1.example.com.crt;
75
76 location / {
77 add_header X-Verify $ssl_client_verify;
78 add_header X-Name $ssl_client_s_dn;
79 }
80 }
81
82 server {
83 listen 127.0.0.1:8082 ssl;
84 server_name localhost;
85
86 ssl_certificate 1.example.com.crt;
87 ssl_certificate_key 1.example.com.key;
88
89 ssl_verify_client optional_no_ca;
90 ssl_trusted_certificate 3.example.com.crt;
91
92 location / {
93 add_header X-Verify $ssl_client_verify;
94 }
95 }
96 }
97
98 EOF
99
100 $t->write_file('openssl.conf', <<EOF);
101 [ req ]
102 default_bits = 2048
103 encrypt_key = no
104 distinguished_name = req_distinguished_name
105 [ req_distinguished_name ]
106 EOF
107
108 my $d = $t->testdir();
109
110 foreach my $name ('1.example.com', '2.example.com') {
111 system('openssl req -x509 -new '
112 . "-config $d/openssl.conf -subj /CN=$name/ "
113 . "-out $d/$name.crt -keyout $d/$name.key "
114 . ">>$d/openssl.out 2>&1") == 0
115 or die "Can't create certificate for $name: $!\n";
116 }
117
118 foreach my $name ('3.example.com') {
119 system("openssl genrsa -out $d/$name.key -passout pass:$name "
120 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0
121 or die "Can't create private key: $!\n";
122 system('openssl req -x509 -new '
123 . "-config $d/openssl.conf -subj /CN=$name/ "
124 . "-out $d/$name.crt "
125 . "-key $d/$name.key -passin pass:$name"
126 . ">>$d/openssl.out 2>&1") == 0
127 or die "Can't create certificate for $name: $!\n";
128 }
129
130 sleep 1 if $^O eq 'MSWin32';
131
132 $t->write_file('password', '3.example.com');
133 $t->write_file('index.html', '');
134
135 $t->try_run('no upstream ssl_certificate variables')->plan(4);
136
137 ###############################################################################
138
139 like(http_get('/?cert=1'),
140 qr/X-Verify: SUCCESS/ms, 'variable - verify certificate');
141 like(http_get('/?cert=2'),
142 qr/X-Verify: FAILED/ms, 'variable - fail certificate');
143 like(http_get('/encrypted?cert=3'),
144 qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key');
145 like(http_get('/none'),
146 qr/X-Verify: NONE/ms, 'variable - no certificate');
147
148 ###############################################################################