Mercurial > hg > nginx-tests
comparison stream_ssl_preread_alpn.t @ 1306:5e9695bd370a
Tests: stream_ssl_preread module tests, ALPN preread.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 21 Mar 2018 20:11:41 +0300 |
parents | |
children | 23026106e439 |
comparison
equal
deleted
inserted
replaced
1305:8e593b068fc0 | 1306:5e9695bd370a |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for stream_ssl_preread module, ALPN preread. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 use Test::Nginx::Stream qw/ stream /; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) | |
27 ->has(qw/stream_ssl stream_return/)->has_daemon('openssl') | |
28 ->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 stream { | |
38 map $ssl_preread_alpn_protocols $name { | |
39 "" 127.0.0.1:8093; | |
40 default $ssl_preread_alpn_protocols; | |
41 } | |
42 | |
43 upstream foo { | |
44 server 127.0.0.1:8091; | |
45 } | |
46 | |
47 upstream bar { | |
48 server 127.0.0.1:8092; | |
49 } | |
50 | |
51 upstream foo,bar { | |
52 server 127.0.0.1:8093; | |
53 } | |
54 | |
55 ssl_preread on; | |
56 | |
57 server { | |
58 listen 127.0.0.1:8081; | |
59 proxy_pass $name; | |
60 } | |
61 | |
62 ssl_certificate_key localhost.key; | |
63 ssl_certificate localhost.crt; | |
64 | |
65 server { | |
66 listen 127.0.0.1:8091 ssl; | |
67 listen 127.0.0.1:8092 ssl; | |
68 listen 127.0.0.1:8093 ssl; | |
69 ssl_preread off; | |
70 return $server_port; | |
71 } | |
72 } | |
73 | |
74 EOF | |
75 | |
76 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; }; | |
77 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@; | |
78 | |
79 eval { IO::Socket::SSL->can_alpn() or die; }; | |
80 plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@; | |
81 | |
82 eval { exists &Net::SSLeay::P_alpn_selected or die; }; | |
83 plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@; | |
84 | |
85 $t->write_file('openssl.conf', <<EOF); | |
86 [ req ] | |
87 default_bits = 1024 | |
88 encrypt_key = no | |
89 distinguished_name = req_distinguished_name | |
90 [ req_distinguished_name ] | |
91 EOF | |
92 | |
93 my $d = $t->testdir(); | |
94 | |
95 foreach my $name ('localhost') { | |
96 system('openssl req -x509 -new ' | |
97 . "-config $d/openssl.conf -subj /CN=$name/ " | |
98 . "-out $d/$name.crt -keyout $d/$name.key " | |
99 . ">>$d/openssl.out 2>&1") == 0 | |
100 or die "Can't create certificate for $name: $!\n"; | |
101 } | |
102 | |
103 $t->try_run('no ssl_preread_alpn_protocols')->plan(6); | |
104 | |
105 ############################################################################### | |
106 | |
107 my ($p1, $p2, $p3) = (port(8091), port(8092), port(8093)); | |
108 | |
109 is(get_ssl(8081, 'foo'), $p1, 'alpn'); | |
110 is(get_ssl(8081, 'foo'), $p1, 'alpn again'); | |
111 | |
112 is(get_ssl(8081, 'bar'), $p2, 'alpn 2'); | |
113 is(get_ssl(8081, 'bar'), $p2, 'alpn 2 again'); | |
114 | |
115 is(get_ssl(8081, 'foo', 'bar'), $p3, 'alpn many'); | |
116 | |
117 # fallback to an empty value | |
118 | |
119 ok(!get_ssl(8081, ''), 'alpn empty'); | |
120 | |
121 ############################################################################### | |
122 | |
123 sub get_ssl { | |
124 my ($port, @alpn) = @_; | |
125 my $s = stream('127.0.0.1:' . port($port)); | |
126 | |
127 eval { | |
128 local $SIG{ALRM} = sub { die "timeout\n" }; | |
129 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
130 alarm(2); | |
131 IO::Socket::SSL->start_SSL($s->{_socket}, | |
132 SSL_alpn_protocols => [ @alpn ], | |
133 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
134 SSL_error_trap => sub { die $_[1] } | |
135 ); | |
136 alarm(0); | |
137 }; | |
138 alarm(0); | |
139 | |
140 if ($@) { | |
141 log_in("died: $@"); | |
142 return undef; | |
143 } | |
144 | |
145 return $s->read(); | |
146 } | |
147 | |
148 ############################################################################### |