nginx-tests: ssl_certificate

comparison ssl_certificate_perl.t @ 1457:80911c4fe023

Tests: loading "data:..." certificates with perl module.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Wed, 27 Mar 2019 15:10:50 +0300
parents
children	dbce8fb5f5f8

comparison

equal deleted inserted replaced

-:f4ae08adc23f
+:80911c4fe023
+#!/usr/bin/perl
+# (C) Sergey Kandaurov
+# (C) Nginx, Inc.
+# Tests for http ssl module, loading certificates from memory with perl module.
+###############################################################################
+use warnings;
+use strict;
+use Test::More;
+use Socket;
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+use lib 'lib';
+use Test::Nginx;
+###############################################################################
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+eval {
+	require Net::SSLeay;
+	Net::SSLeay::load_error_strings();
+	Net::SSLeay::SSLeay_add_ssl_algorithms();
+	Net::SSLeay::randomize();
+};
+plan(skip_all => 'Net::SSLeay not installed') if $@;
+eval {
+	my $ctx = Net::SSLeay::CTX_new() or die;
+	my $ssl = Net::SSLeay::new($ctx) or die;
+	Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
+};
+plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
+my $t = Test::Nginx->new()->has(qw/http http_ssl perl/)->has_daemon('openssl');
+$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
+plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
+$t->write_file_expand('nginx.conf', <<'EOF');
+%%TEST_GLOBALS%%
+daemon off;
+events {
+}
+http {
+%%TEST_GLOBALS_HTTP%%
+perl_set $pem '
+sub {
+my $r = shift;
+local $/;
+my $sni = $r->variable("ssl_server_name");
+open my $fh, "<", "%%TESTDIR%%/$sni.crt";
+my $content = <$fh>;
+close $fh;
+return $content;
+}
+';
+server {
+listen       127.0.0.1:8080 ssl;
+server_name  localhost;
+ssl_certificate data:$pem;
+ssl_certificate_key data:$pem;
+}
+}
+EOF
+$t->write_file('openssl.conf', <<EOF);
+[ req ]
+default_bits = 1024
+encrypt_key = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+EOF
+my $d = $t->testdir();
+foreach my $name ('one', 'two') {
+	system('openssl req -x509 -new '
+		. "-config $d/openssl.conf -subj /CN=$name/ "
+		. "-out $d/$name.crt -keyout $d/$name.crt "
+		. ">>$d/openssl.out 2>&1") == 0
+		or die "Can't create certificate for $name: $!\n";
+}
+$t->try_run('no ssl_certificate variables')->plan(2);
+###############################################################################
+like(cert('one', 8080), qr/CN=one/, 'certificate');
+like(cert('two', 8080), qr/CN=two/, 'certificate 2');
+###############################################################################
+sub cert {
+	my ($host, $port) = @_;
+	my ($s, $ssl) = get_ssl_socket($host, $port) or return;
+	Net::SSLeay::dump_peer_certificate($ssl);
+}
+sub get_ssl_socket {
+	my ($host, $port) = @_;
+	my $s;
+	my $dest_ip = inet_aton('127.0.0.1');
+	$port = port($port);
+	my $dest_serv_params = sockaddr_in($port, $dest_ip);
+	socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
+	connect($s, $dest_serv_params) or die "connect: $!";
+	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
+	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
+	Net::SSLeay::set_tlsext_host_name($ssl, $host);
+	Net::SSLeay::set_fd($ssl, fileno($s));
+	Net::SSLeay::connect($ssl) or die("ssl connect");
+	return ($s, $ssl);
+}
+###############################################################################

Mercurial > hg > nginx-tests

comparison ssl_certificate_perl.t @ 1457:80911c4fe023