comparison ssl.t @ 1866:a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
The http SSL tests which previously used IO::Socket::SSL were converted
to use improved IO::Socket::SSL infrastructure in Test::Nginx.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:19 +0300 |
parents | cdcd75657e52 |
children | 0b5ec15c62ed |
1865:0e1865aa9b33 | 1866:a797d7428fa5 |
---|---|
12 use strict; | 12 use strict; |
13 | 13 |
14 use Test::More; | 14 use Test::More; |
15 | 15 |
16 use Socket qw/ CRLF /; | 16 use Socket qw/ CRLF /; |
17 use IO::Select; | |
17 | 18 |
18 BEGIN { use FindBin; chdir($FindBin::Bin); } | 19 BEGIN { use FindBin; chdir($FindBin::Bin); } |
19 | 20 |
20 use lib 'lib'; | 21 use lib 'lib'; |
21 use Test::Nginx; | 22 use Test::Nginx; |
276 sub test_tls13 { | 277 sub test_tls13 { |
277 return get('/protocol', 8085) =~ /TLSv1.3/; | 278 return get('/protocol', 8085) =~ /TLSv1.3/; |
278 } | 279 } |
279 | 280 |
280 sub get { | 281 sub get { |
281 my ($uri, $port, $ctx) = @_; | 282 my ($uri, $port, $ctx, %extra) = @_; |
282 my $s = get_ssl_socket($port, $ctx) or return; | 283 my $s = get_ssl_socket($port, $ctx, %extra) or return; |
283 my $r = http_get($uri, socket => $s); | 284 return http_get($uri, socket => $s); |
284 $s->close(); | |
285 return $r; | |
286 } | 285 } |
287 | 286 |
288 sub get_body { | 287 sub get_body { |
289 my ($uri, $body, $len, $n) = @_; | 288 my ($uri, $body, $len, $n) = @_; |
290 my $s = get_ssl_socket(8085) or return; | 289 my $s = get_ssl_socket(8085) or return; |
295 socket => $s, start => 1); | 294 socket => $s, start => 1); |
296 my $chs = unpack("H*", pack("C", length($body) * $len)); | 295 my $chs = unpack("H*", pack("C", length($body) * $len)); |
297 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) | 296 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) |
298 for 1 .. $n; | 297 for 1 .. $n; |
299 my $r = http("0" . CRLF . CRLF, socket => $s); | 298 my $r = http("0" . CRLF . CRLF, socket => $s); |
300 $s->close(); | |
301 return $r; | 299 return $r; |
302 } | 300 } |
303 | 301 |
304 sub cert { | 302 sub cert { |
305 my ($uri, $port) = @_; | 303 my ($uri, $port) = @_; |
306 my $s = get_ssl_socket($port, undef, | 304 return get( |
305 $uri, $port, undef, | |
307 SSL_cert_file => "$d/subject.crt", | 306 SSL_cert_file => "$d/subject.crt", |
308 SSL_key_file => "$d/subject.key") or return; | 307 SSL_key_file => "$d/subject.key" |
309 http_get($uri, socket => $s); | 308 ); |
310 } | 309 } |
311 | 310 |
312 sub get_ssl_context { | 311 sub get_ssl_context { |
313 return IO::Socket::SSL::SSL_Context->new( | 312 return IO::Socket::SSL::SSL_Context->new( |
314 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 313 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
316 ); | 315 ); |
317 } | 316 } |
318 | 317 |
319 sub get_ssl_socket { | 318 sub get_ssl_socket { |
320 my ($port, $ctx, %extra) = @_; | 319 my ($port, $ctx, %extra) = @_; |
321 my $s; | 320 return http( |
322 | 321 '', PeerAddr => '127.0.0.1:' . port($port), start => 1, |
323 eval { | 322 SSL => 1, |
324 local $SIG{ALRM} = sub { die "timeout\n" }; | 323 SSL_reuse_ctx => $ctx, |
325 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 324 %extra |
326 alarm(8); | 325 ); |
327 $s = IO::Socket::SSL->new( | |
328 Proto => 'tcp', | |
329 PeerAddr => '127.0.0.1', | |
330 PeerPort => port($port), | |
331 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
332 SSL_reuse_ctx => $ctx, | |
333 SSL_error_trap => sub { die $_[1] }, | |
334 %extra | |
335 ); | |
336 alarm(0); | |
337 }; | |
338 alarm(0); | |
339 | |
340 if ($@) { | |
341 log_in("died: $@"); | |
342 return undef; | |
343 } | |
344 | |
345 return $s; | |
346 } | 326 } |
347 | 327 |
348 sub get_ssl_shutdown { | 328 sub get_ssl_shutdown { |
349 my ($port) = @_; | 329 my ($port) = @_; |
350 | 330 |
351 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | 331 my $s = http( |
352 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | 332 'GET /' . CRLF . 'extra', |
353 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | 333 PeerAddr => '127.0.0.1:' . port($port), start => 1, |
354 Net::SSLeay::set_fd($ssl, fileno($s)); | 334 SSL => 1 |
355 Net::SSLeay::connect($ssl) or die("ssl connect"); | 335 ); |
356 Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra'); | 336 |
357 Net::SSLeay::read($ssl); | 337 $s->blocking(0); |
358 Net::SSLeay::set_shutdown($ssl, 1); | 338 while (IO::Select->new($s)->can_read(8)) { |
359 Net::SSLeay::shutdown($ssl); | 339 my $n = $s->sysread(my $buf, 16384); |
360 } | 340 next if !defined $n && $!{EWOULDBLOCK}; |
361 | 341 last; |
362 ############################################################################### | 342 } |
343 $s->blocking(1); | |
344 | |
345 return $s->stop_SSL(); | |
346 } | |
347 | |
348 ############################################################################### |
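Review bot: In the new get_ssl_shutdown the value returned by `http(...)` is used without a check, so `$s->blocking(0)` runs on whatever the helper returned, while get() and get_body() guard their socket with `or return`. How http() reports a failed connect or handshake lives in Test::Nginx and is not visible here, but if it yields undef the script would die on a method call on an undefined value instead of recording one failed test. Ending the call with `) or return;` would keep the three helpers consistent. The read loop would also benefit from a short comment such as `# wait up to 8s for the response, then start the SSL shutdown`, since it deliberately leaves after the first completed read.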