Mercurial > hg > nginx-tests

comparison ssl.t @ 370:74cfe56c7b83

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: simple https tests. Includes tests for $ssl_session_reused and $ssl_session_id variables.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 12 Feb 2014 13:02:50 +0400
parents
children de2f7e86866e
comparison
equal deleted inserted replaced
369:4ac3588485f5 370:74cfe56c7b83
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http ssl module.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19
20 ###############################################################################
21
22 select STDERR; $| = 1;
23 select STDOUT; $| = 1;
24
25 eval {
26 require IO::Socket::SSL;
27 };
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
29
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
31 ->has_daemon('openssl');
32
33 plan(skip_all => 'new syntax: "$ssl_session_reused"')
34 unless $t->has_version('1.5.11');
35
36 $t->plan(4)->write_file_expand('nginx.conf', <<'EOF');
37
38 %%TEST_GLOBALS%%
39
40 daemon off;
41
42 events {
43 }
44
45 http {
46 %%TEST_GLOBALS_HTTP%%
47
48 server {
49 listen 127.0.0.1:8443 ssl;
50 listen 127.0.0.1:8080;
51 server_name localhost;
52
53 ssl_certificate_key localhost.key;
54 ssl_certificate localhost.crt;
55 ssl_session_cache shared:SSL:10m;
56
57 location /reuse {
58 return 200 "body $ssl_session_reused";
59 }
60 location /id {
61 return 200 "body $ssl_session_id";
62 }
63 }
64 }
65
66 EOF
67
68 $t->write_file('openssl.conf', <<EOF);
69 [ req ]
70 default_bits = 2048
71 encrypt_key = no
72 distinguished_name = req_distinguished_name
73 [ req_distinguished_name ]
74 EOF
75
76 my $d = $t->testdir();
77
78 foreach my $name ('localhost') {
79 system('openssl req -x509 -new '
80 . "-config '$d/openssl.conf' -subj '/CN=$name/' "
81 . "-out '$d/$name.crt' -keyout '$d/$name.key' "
82 . ">>$d/openssl.out 2>&1") == 0
83 or die "Can't create certificate for $name: $!\n";
84 }
85
86 my $ctx = new IO::Socket::SSL::SSL_Context(
87 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
88 SSL_session_cache_size => 100);
89
90 $t->run();
91
92 ###############################################################################
93
94 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body \.$/m,
95 'initial session');
96 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body r$/m,
97 'session reused');
98
99 my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m;
100 is(length $sid, 64, 'session id');
101
102 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
103
104 ###############################################################################
105
106 sub get_ssl_socket {
107 my ($ctx) = @_;
108 my $s;
109
110 eval {
111 local $SIG{ALRM} = sub { die "timeout\n" };
112 local $SIG{PIPE} = sub { die "sigpipe\n" };
113 alarm(2);
114 $s = IO::Socket::SSL->new(
115 Proto => 'tcp',
116 PeerAddr => '127.0.0.1:8443',
117 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
118 SSL_reuse_ctx => $ctx,
119 SSL_error_trap => sub { die $_[1] }
120 );
121 alarm(0);
122 };
123 alarm(0);
124
125 if ($@) {
126 log_in("died: $@");
127 return undef;
128 }
129
130 return $s;
131 }
132
133 ###############################################################################