comparison stream_ssl.t @ 559:9208d8243926

Tests: stream ssl and proxy ssl tests.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 23 Apr 2015 14:01:21 +0300
parents
children 1925b27f24b6
558:27740a2dd781 559:9208d8243926
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for stream ssl module.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 use POSIX qw/ mkfifo /;
16 use Socket qw/ :DEFAULT $CRLF /;
17
18 BEGIN { use FindBin; chdir($FindBin::Bin); }
19
20 use lib 'lib';
21 use Test::Nginx;
22
23 ###############################################################################
24
25 select STDERR; $| = 1;
26 select STDOUT; $| = 1;
27
28 eval {
29 require Net::SSLeay;
30 Net::SSLeay::load_error_strings();
31 Net::SSLeay::SSLeay_add_ssl_algorithms();
32 Net::SSLeay::randomize();
33 };
34 plan(skip_all => 'Net::SSLeay not installed') if $@;
35
36 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl');
37
38 $t->plan(5)->write_file_expand('nginx.conf', <<'EOF');
39
40 %%TEST_GLOBALS%%
41
42 daemon off;
43
44 events {
45 }
46
47 stream {
48 ssl_certificate_key localhost.key;
49 ssl_certificate localhost.crt;
50 ssl_session_tickets off;
51
52 # inherited by server "inherits"
53 ssl_password_file password_http;
54
55 server {
56 listen 127.0.0.1:8080 ssl;
57 proxy_pass 127.0.0.1:8081;
58
59 ssl_session_cache builtin;
60 ssl_password_file password;
61 }
62
63 server {
64 listen 127.0.0.1:8082 ssl;
65 proxy_pass 127.0.0.1:8081;
66
67 ssl_session_cache off;
68 ssl_password_file password_many;
69 }
70
71 server {
72 listen 127.0.0.1:8083 ssl;
73 proxy_pass 127.0.0.1:8081;
74
75 ssl_password_file password_fifo;
76 }
77
78 server {
79 listen 127.0.0.1:8084 ssl;
80 proxy_pass 127.0.0.1:8081;
81
82 ssl_certificate_key inherits.key;
83 ssl_certificate inherits.crt;
84 }
85 }
86
87 EOF
88
89 $t->write_file('openssl.conf', <<EOF);
90 [ req ]
91 default_bits = 2048
92 encrypt_key = no
93 distinguished_name = req_distinguished_name
94 [ req_distinguished_name ]
95 EOF
96
97 my $d = $t->testdir();
98 mkfifo("$d/password_fifo", 0700);
99
100 foreach my $name ('localhost', 'inherits') {
101 system("openssl genrsa -out $d/$name.key -passout pass:$name "
102 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0
103 or die "Can't create private key: $!\n";
104 system('openssl req -x509 -new '
105 . "-config '$d/openssl.conf' -subj '/CN=$name/' "
106 . "-out '$d/$name.crt' "
107 . "-key '$d/$name.key' -passin pass:$name"
108 . ">>$d/openssl.out 2>&1") == 0
109 or die "Can't create certificate for $name: $!\n";
110 }
111
112
113 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
114
115 $t->write_file('password', 'localhost');
116 $t->write_file('password_many', "wrong$CRLF" . "localhost$CRLF");
117 $t->write_file('password_http', 'inherits');
118
119 fork() || exec("echo localhost > $d/password_fifo");
120
121 $t->run_daemon(\&http_daemon);
122 $t->run();
123
124 $t->waitforsocket('127.0.0.1:8081');
125
126 ###############################################################################
127
128 my ($s, $ssl, $ses);
129
130 ($s, $ssl) = get_ssl_socket(8080);
131 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
132 like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl');
133
134 # ssl_session_cache
135
136 ($s, $ssl) = get_ssl_socket(8080);
137 $ses = Net::SSLeay::get_session($ssl);
138
139 ($s, $ssl) = get_ssl_socket(8080, $ses);
140 is(Net::SSLeay::session_reused($ssl), 1, 'session reused');
141
142 ($s, $ssl) = get_ssl_socket(8082);
143 $ses = Net::SSLeay::get_session($ssl);
144
145 ($s, $ssl) = get_ssl_socket(8082, $ses);
146 isnt(Net::SSLeay::session_reused($ssl), 1, 'session not reused');
147
148 # ssl_certificate inheritance
149
150 ($s, $ssl) = get_ssl_socket(8080);
151 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=localhost/, 'CN');
152
153 ($s, $ssl) = get_ssl_socket(8084);
154 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=inherits/, 'CN inner');
155
156 ###############################################################################
157
158 sub get_ssl_socket {
159 my ($port, $ses) = @_;
160 my $s;
161
162 my $dest_ip = inet_aton('127.0.0.1');
163 my $dest_serv_params = sockaddr_in($port || 8080, $dest_ip);
164
165 socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
166 connect($s, $dest_serv_params) or die "connect: $!";
167
168 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
169 Net::SSLeay::set_session($ssl, $ses) if defined $ses;
170 Net::SSLeay::set_fd( $ssl, fileno($s));
171 Net::SSLeay::connect($ssl) or die("ssl connect");
172 return ($s, $ssl);
173 }
174
175 ###############################################################################
176
177 sub http_daemon {
178 my $server = IO::Socket::INET->new(
179 Proto => 'tcp',
180 LocalHost => '127.0.0.1:8081',
181 Listen => 5,
182 Reuse => 1
183 )
184 or die "Can't create listening socket: $!\n";
185
186 local $SIG{PIPE} = 'IGNORE';
187
188 while (my $client = $server->accept()) {
189 $client->autoflush(1);
190
191 while (<$client>) {
192 last if (/^\x0d?\x0a?$/);
193 }
194
195 print $client <<EOF;
196 HTTP/1.1 200 OK
197 Connection: close
198
199 EOF
200
201 close $client;
202 }
203 }
204
205 ###############################################################################
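Review bot: In get_ssl_socket the guard `Net::SSLeay::connect($ssl) or die("ssl connect")` only fires on a 0 return, but SSL_connect reports a fatal handshake failure as -1, which is a true value in Perl, so a failed TLS handshake passes the check and only surfaces later as an undef from Net::SSLeay::read with no handshake diagnostic. Comparing against the documented success value, `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");`, makes the failure point explicit. Separately, the genrsa command in the key-generation loop interpolates `$d/$name.key` and the openssl.out redirect unquoted while the req command right after it quotes the same paths; quoting both consistently keeps a test directory containing spaces or shell metacharacters from altering the command line. The req command also has no space between `pass:$name` and `>>`, which works only because the shell splits a redirection glued to a word, so `-passin pass:$name ` with a trailing space would read less fragile.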