Mercurial > hg > nginx-tests
comparison stream_proxy_ssl_conf_command.t @ 1759:8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
The backend is adjusted to always emit "subject DN" of the client certificate,
same as in proxy_ssl_conf_command.t. This eliminates occasional test failures
seen due to SSL verification errors for the reason outlined in eadd24ccfda1,
while avoiding to insert an extra startup delay.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 24 May 2022 15:28:21 +0400 |
| parents | 4baeba0e0da2 |
| children | 58951cf933e1 |
comparison
equal
deleted
inserted
replaced
| 1758:7c727869aeda | 1759:8f13779e2cde |
|---|---|
| 14 | 14 |
| 15 BEGIN { use FindBin; chdir($FindBin::Bin); } | 15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
| 16 | 16 |
| 17 use lib 'lib'; | 17 use lib 'lib'; |
| 18 use Test::Nginx; | 18 use Test::Nginx; |
| 19 use Test::Nginx::Stream qw/ stream /; | |
| 20 | 19 |
| 21 ############################################################################### | 20 ############################################################################### |
| 22 | 21 |
| 23 select STDERR; $| = 1; | 22 select STDERR; $| = 1; |
| 24 select STDOUT; $| = 1; | 23 select STDOUT; $| = 1; |
| 25 | 24 |
| 26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) | 25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) |
| 27 ->has_daemon('openssl'); | 26 ->has_daemon('openssl'); |
| 28 | 27 |
| 29 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; | 28 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
| 30 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; | 29 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; |
| 31 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); | 30 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
| 50 proxy_ssl_certificate localhost.crt; | 49 proxy_ssl_certificate localhost.crt; |
| 51 proxy_ssl_certificate_key localhost.key; | 50 proxy_ssl_certificate_key localhost.key; |
| 52 proxy_ssl_conf_command Certificate override.crt; | 51 proxy_ssl_conf_command Certificate override.crt; |
| 53 proxy_ssl_conf_command PrivateKey override.key; | 52 proxy_ssl_conf_command PrivateKey override.key; |
| 54 } | 53 } |
| 54 } | |
| 55 | |
| 56 http { | |
| 57 %%TEST_GLOBALS_HTTP%% | |
| 55 | 58 |
| 56 server { | 59 server { |
| 57 listen 127.0.0.1:8081 ssl; | 60 listen 127.0.0.1:8081 ssl; |
| 58 return $ssl_client_s_dn; | 61 server_name localhost; |
| 59 | 62 |
| 60 ssl_certificate localhost.crt; | 63 ssl_certificate localhost.crt; |
| 61 ssl_certificate_key localhost.key; | 64 ssl_certificate_key localhost.key; |
| 62 ssl_verify_client optional_no_ca; | 65 ssl_verify_client optional_no_ca; |
| 66 | |
| 67 add_header X-Cert $ssl_client_s_dn always; | |
| 63 } | 68 } |
| 64 } | 69 } |
| 65 | 70 |
| 66 EOF | 71 EOF |
| 67 | 72 |
| 86 $t->write_file('index.html', ''); | 91 $t->write_file('index.html', ''); |
| 87 $t->run()->plan(1); | 92 $t->run()->plan(1); |
| 88 | 93 |
| 89 ############################################################################### | 94 ############################################################################### |
| 90 | 95 |
| 91 like(stream('127.0.0.1:' . port(8080))->read(), qr/CN=override/, | 96 like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command'); |
| 92 'Certificate'); | |
| 93 | 97 |
| 94 ############################################################################### | 98 ############################################################################### |