Mercurial > hg > nginx-tests
comparison ssl_password_file.t @ 420:a37ec4447597
Tests: ssl_password_file tests.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 27 Jun 2014 19:03:04 +0400 |
| parents | |
| children | e8db4355fe0b |
comparison
equal
deleted
inserted
replaced
| 419:f5f2a66853a9 | 420:a37ec4447597 |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Sergey Kandaurov | |
| 4 # (C) Nginx, Inc. | |
| 5 | |
| 6 # Tests for ssl_password_file directive. | |
| 7 | |
| 8 ############################################################################### | |
| 9 | |
| 10 use warnings; | |
| 11 use strict; | |
| 12 | |
| 13 use Test::More; | |
| 14 | |
| 15 use POSIX qw/ mkfifo /; | |
| 16 use Socket qw/ $CRLF /; | |
| 17 | |
| 18 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 19 | |
| 20 use lib 'lib'; | |
| 21 use Test::Nginx; | |
| 22 | |
| 23 ############################################################################### | |
| 24 | |
| 25 select STDERR; $| = 1; | |
| 26 select STDOUT; $| = 1; | |
| 27 | |
| 28 eval { require IO::Socket::SSL; }; | |
| 29 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | |
| 30 plan(skip_all => 'win32') if $^O eq 'MSWin32'; | |
| 31 | |
| 32 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl'); | |
| 33 | |
| 34 plan(skip_all => 'no ssl_password_file') unless $t->has_version('1.7.2'); | |
| 35 | |
| 36 $t->plan(3)->write_file_expand('nginx.conf', <<'EOF'); | |
| 37 | |
| 38 %%TEST_GLOBALS%% | |
| 39 | |
| 40 daemon off; | |
| 41 | |
| 42 events { | |
| 43 } | |
| 44 | |
| 45 http { | |
| 46 %%TEST_GLOBALS_HTTP%% | |
| 47 | |
| 48 ssl_certificate_key localhost.key; | |
| 49 ssl_certificate localhost.crt; | |
| 50 | |
| 51 # inherited by server "inherits" | |
| 52 ssl_password_file password_http; | |
| 53 | |
| 54 server { | |
| 55 listen 127.0.0.1:8443 ssl; | |
| 56 listen 127.0.0.1:8080; | |
| 57 server_name localhost; | |
| 58 | |
| 59 ssl_password_file password; | |
| 60 | |
| 61 location / { | |
| 62 } | |
| 63 } | |
| 64 | |
| 65 server { | |
| 66 server_name two_entries_in_file; | |
| 67 | |
| 68 ssl_password_file password_many; | |
| 69 } | |
| 70 | |
| 71 server { | |
| 72 server_name file_is_fifo; | |
| 73 | |
| 74 ssl_password_file password_fifo; | |
| 75 } | |
| 76 | |
| 77 server { | |
| 78 server_name inherits; | |
| 79 | |
| 80 ssl_certificate_key inherits.key; | |
| 81 ssl_certificate inherits.crt; | |
| 82 } | |
| 83 } | |
| 84 | |
| 85 EOF | |
| 86 | |
| 87 $t->write_file('openssl.conf', <<EOF); | |
| 88 [ req ] | |
| 89 default_bits = 2048 | |
| 90 encrypt_key = no | |
| 91 distinguished_name = req_distinguished_name | |
| 92 [ req_distinguished_name ] | |
| 93 EOF | |
| 94 | |
| 95 my $d = $t->testdir(); | |
| 96 mkfifo("$d/password_fifo", 0700); | |
| 97 | |
| 98 foreach my $name ('localhost', 'inherits') { | |
| 99 system("openssl genrsa -out $d/$name.key -passout pass:$name " | |
| 100 . ">>$d/openssl.out 2>&1") == 0 | |
| 101 or die "Can't create private key: $!\n"; | |
| 102 system('openssl req -x509 -new ' | |
| 103 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | |
| 104 . "-out '$d/$name.crt' " | |
| 105 . "-key '$d/$name.key' -passin pass:$name" | |
| 106 . ">>$d/openssl.out 2>&1") == 0 | |
| 107 or die "Can't create certificate for $name: $!\n"; | |
| 108 } | |
| 109 | |
| 110 $t->write_file('password', 'localhost'); | |
| 111 $t->write_file('password_many', "wrong$CRLF" . "localhost$CRLF"); | |
| 112 $t->write_file('password_http', 'inherits'); | |
| 113 | |
| 114 fork() || exec("echo localhost > $d/password_fifo"); | |
| 115 | |
| 116 # do not mangle with try_run() | |
| 117 # we need to distinguish ssl_password_file support vs its brokenness | |
| 118 | |
| 119 eval { | |
| 120 open OLDERR, ">&", \*STDERR; close STDERR; | |
| 121 $t->run(); | |
| 122 open STDERR, ">&", \*OLDERR; | |
| 123 }; | |
| 124 | |
| 125 ############################################################################### | |
| 126 | |
| 127 is($@, '', 'ssl_password_file works'); | |
| 128 | |
| 129 # simple tests to ensure that nothing broke with ssl_password_file directive | |
| 130 | |
| 131 like(http_get('/password'), qr/200 OK/, 'http'); | |
| 132 like(http_get('/password', socket => get_ssl_socket()), qr/200 OK/, 'https'); | |
| 133 | |
| 134 ############################################################################### | |
| 135 | |
| 136 sub get_ssl_socket { | |
| 137 my $s; | |
| 138 | |
| 139 eval { | |
| 140 local $SIG{ALRM} = sub { die "timeout\n" }; | |
| 141 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
| 142 alarm(2); | |
| 143 $s = IO::Socket::SSL->new( | |
| 144 Proto => 'tcp', | |
| 145 PeerAddr => '127.0.0.1:8443', | |
| 146 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
| 147 SSL_error_trap => sub { die $_[1] } | |
| 148 ); | |
| 149 alarm(0); | |
| 150 }; | |
| 151 alarm(0); | |
| 152 | |
| 153 if ($@) { | |
| 154 log_in("died: $@"); | |
| 155 return undef; | |
| 156 } | |
| 157 | |
| 158 return $s; | |
| 159 } | |
| 160 | |
| 161 ############################################################################### |