Mercurial > hg > nginx-tests
comparison stream_proxy_ssl_conf_command.t @ 1759:8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
The backend is adjusted to always emit "subject DN" of the client certificate,
same as in proxy_ssl_conf_command.t. This eliminates occasional test failures
seen due to SSL verification errors for the reason outlined in eadd24ccfda1,
while avoiding to insert an extra startup delay.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 24 May 2022 15:28:21 +0400 |
parents | 4baeba0e0da2 |
children | 58951cf933e1 |
comparison
equal
deleted
inserted
replaced
1758:7c727869aeda | 1759:8f13779e2cde |
---|---|
14 | 14 |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | 15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
16 | 16 |
17 use lib 'lib'; | 17 use lib 'lib'; |
18 use Test::Nginx; | 18 use Test::Nginx; |
19 use Test::Nginx::Stream qw/ stream /; | |
20 | 19 |
21 ############################################################################### | 20 ############################################################################### |
22 | 21 |
23 select STDERR; $| = 1; | 22 select STDERR; $| = 1; |
24 select STDOUT; $| = 1; | 23 select STDOUT; $| = 1; |
25 | 24 |
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) | 25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) |
27 ->has_daemon('openssl'); | 26 ->has_daemon('openssl'); |
28 | 27 |
29 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; | 28 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
30 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; | 29 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; |
31 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); | 30 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
50 proxy_ssl_certificate localhost.crt; | 49 proxy_ssl_certificate localhost.crt; |
51 proxy_ssl_certificate_key localhost.key; | 50 proxy_ssl_certificate_key localhost.key; |
52 proxy_ssl_conf_command Certificate override.crt; | 51 proxy_ssl_conf_command Certificate override.crt; |
53 proxy_ssl_conf_command PrivateKey override.key; | 52 proxy_ssl_conf_command PrivateKey override.key; |
54 } | 53 } |
54 } | |
55 | |
56 http { | |
57 %%TEST_GLOBALS_HTTP%% | |
55 | 58 |
56 server { | 59 server { |
57 listen 127.0.0.1:8081 ssl; | 60 listen 127.0.0.1:8081 ssl; |
58 return $ssl_client_s_dn; | 61 server_name localhost; |
59 | 62 |
60 ssl_certificate localhost.crt; | 63 ssl_certificate localhost.crt; |
61 ssl_certificate_key localhost.key; | 64 ssl_certificate_key localhost.key; |
62 ssl_verify_client optional_no_ca; | 65 ssl_verify_client optional_no_ca; |
66 | |
67 add_header X-Cert $ssl_client_s_dn always; | |
63 } | 68 } |
64 } | 69 } |
65 | 70 |
66 EOF | 71 EOF |
67 | 72 |
86 $t->write_file('index.html', ''); | 91 $t->write_file('index.html', ''); |
87 $t->run()->plan(1); | 92 $t->run()->plan(1); |
88 | 93 |
89 ############################################################################### | 94 ############################################################################### |
90 | 95 |
91 like(stream('127.0.0.1:' . port(8080))->read(), qr/CN=override/, | 96 like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command'); |
92 'Certificate'); | |
93 | 97 |
94 ############################################################################### | 98 ############################################################################### |