Mercurial > hg > nginx-tests
comparison stream_proxy_ssl_verify.t @ 1453:6f53ec0cf591
Tests: simplified stream_proxy_ssl_verify.t using return directive.
Due to changed connection processing, it no longer triggers "phantom event"
alerts previously seen with Solaris devpoll on connections closed by client
in test cases with failed verification of the proxied server certificate.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 25 Mar 2019 19:11:11 +0300 |
| parents | eadd24ccfda1 |
| children | dbce8fb5f5f8 |
comparison
equal
deleted
inserted
replaced
| 1452:eda1878cf015 | 1453:6f53ec0cf591 |
|---|---|
| 14 | 14 |
| 15 BEGIN { use FindBin; chdir($FindBin::Bin); } | 15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
| 16 | 16 |
| 17 use lib 'lib'; | 17 use lib 'lib'; |
| 18 use Test::Nginx; | 18 use Test::Nginx; |
| 19 use Test::Nginx::Stream qw/ stream /; | |
| 19 | 20 |
| 20 ############################################################################### | 21 ############################################################################### |
| 21 | 22 |
| 22 select STDERR; $| = 1; | 23 select STDERR; $| = 1; |
| 23 select STDOUT; $| = 1; | 24 select STDOUT; $| = 1; |
| 24 | 25 |
| 25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl'); | 26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
| 27 ->has_daemon('openssl')->plan(6); | |
| 26 | 28 |
| 27 $t->write_file_expand('nginx.conf', <<'EOF')->plan(6); | 29 $t->write_file_expand('nginx.conf', <<'EOF'); |
| 28 | 30 |
| 29 %%TEST_GLOBALS%% | 31 %%TEST_GLOBALS%% |
| 30 | 32 |
| 31 daemon off; | 33 daemon off; |
| 32 | 34 |
| 85 proxy_ssl_session_reuse off; | 87 proxy_ssl_session_reuse off; |
| 86 } | 88 } |
| 87 | 89 |
| 88 server { | 90 server { |
| 89 listen 127.0.0.1:8086 ssl; | 91 listen 127.0.0.1:8086 ssl; |
| 90 proxy_pass 127.0.0.1:8088; | |
| 91 proxy_ssl off; | 92 proxy_ssl off; |
| 93 return OK; | |
| 92 | 94 |
| 93 ssl_certificate 1.example.com.crt; | 95 ssl_certificate 1.example.com.crt; |
| 94 ssl_certificate_key 1.example.com.key; | 96 ssl_certificate_key 1.example.com.key; |
| 95 } | 97 } |
| 96 | 98 |
| 97 server { | 99 server { |
| 98 listen 127.0.0.1:8087 ssl; | 100 listen 127.0.0.1:8087 ssl; |
| 99 proxy_pass 127.0.0.1:8088; | |
| 100 proxy_ssl off; | 101 proxy_ssl off; |
| 102 return OK; | |
| 101 | 103 |
| 102 ssl_certificate 2.example.com.crt; | 104 ssl_certificate 2.example.com.crt; |
| 103 ssl_certificate_key 2.example.com.key; | 105 ssl_certificate_key 2.example.com.key; |
| 104 } | 106 } |
| 105 } | 107 } |
| 142 or die "Can't create certificate for $name: $!\n"; | 144 or die "Can't create certificate for $name: $!\n"; |
| 143 } | 145 } |
| 144 | 146 |
| 145 sleep 1 if $^O eq 'MSWin32'; | 147 sleep 1 if $^O eq 'MSWin32'; |
| 146 | 148 |
| 147 $t->write_file('index.html', ''); | |
| 148 | |
| 149 $t->run_daemon(\&http_daemon); | |
| 150 $t->run(); | 149 $t->run(); |
| 151 | |
| 152 $t->waitforsocket('127.0.0.1:' . port(8088)); | |
| 153 | 150 |
| 154 ############################################################################### | 151 ############################################################################### |
| 155 | 152 |
| 156 # subjectAltName | 153 # subjectAltName |
| 157 | 154 |
| 158 like(get('/', '127.0.0.1:' . port(8080)), qr/200 OK/, 'verify'); | 155 is(get(8080), 'OK', 'verify'); |
| 159 like(get('/', '127.0.0.1:' . port(8081)), qr/200 OK/, 'verify wildcard'); | 156 is(get(8081), 'OK', 'verify wildcard'); |
| 160 unlike(get('/', '127.0.0.1:' . port(8082)), qr/200 OK/, 'verify fail'); | 157 isnt(get(8082), 'OK', 'verify fail'); |
| 161 | 158 |
| 162 # commonName | 159 # commonName |
| 163 | 160 |
| 164 like(get('/', '127.0.0.1:' . port(8083)), qr/200 OK/, 'verify cn'); | 161 is(get(8083), 'OK', 'verify cn'); |
| 165 unlike(get('/', '127.0.0.1:' . port(8084)), qr/200 OK/, 'verify cn fail'); | 162 isnt(get(8084), 'OK', 'verify cn fail'); |
| 166 | 163 |
| 167 # untrusted | 164 # untrusted |
| 168 | 165 |
| 169 unlike(get('/', '127.0.0.1:' . port(8085)), qr/200 OK/, 'untrusted'); | 166 isnt(get(8085), 'OK', 'untrusted'); |
| 170 | 167 |
| 171 ############################################################################### | 168 ############################################################################### |
| 172 | 169 |
| 173 sub get { | 170 sub get { |
| 174 my ($uri, $peer) = @_; | 171 stream('127.0.0.1:' . port(shift))->read(); |
| 175 | |
| 176 my $s = IO::Socket::INET->new( | |
| 177 Proto => 'tcp', | |
| 178 PeerAddr => $peer | |
| 179 ) | |
| 180 or die "Can't connect to nginx: $!\n"; | |
| 181 | |
| 182 my $r = http_get($uri, socket => $s); | |
| 183 return defined $r ? $r : ''; | |
| 184 } | 172 } |
| 185 | 173 |
| 186 ############################################################################### | 174 ############################################################################### |
| 187 | |
| 188 sub http_daemon { | |
| 189 my $server = IO::Socket::INET->new( | |
| 190 Proto => 'tcp', | |
| 191 LocalHost => '127.0.0.1:' . port(8088), | |
| 192 Listen => 5, | |
| 193 Reuse => 1 | |
| 194 ) | |
| 195 or die "Can't create listening socket: $!\n"; | |
| 196 | |
| 197 local $SIG{PIPE} = 'IGNORE'; | |
| 198 | |
| 199 while (my $client = $server->accept()) { | |
| 200 $client->autoflush(1); | |
| 201 | |
| 202 while (<$client>) { | |
| 203 last if (/^\x0d?\x0a?$/); | |
| 204 } | |
| 205 | |
| 206 print $client <<EOF; | |
| 207 HTTP/1.1 200 OK | |
| 208 Connection: close | |
| 209 | |
| 210 EOF | |
| 211 | |
| 212 close $client; | |
| 213 } | |
| 214 } | |
| 215 | |
| 216 ############################################################################### |