Mercurial > hg > nginx-tests
comparison stream_ssl_preread.t @ 1198:cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 31 Jul 2017 14:24:38 +0300 |
| parents | 6c27d5cab1d7 |
| children | 08f6eacf1cfe |
comparison
equal
deleted
inserted
replaced
| 1197:155573499f20 | 1198:cd153f1bbaad |
|---|---|
| 14 | 14 |
| 15 BEGIN { use FindBin; chdir($FindBin::Bin); } | 15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
| 16 | 16 |
| 17 use lib 'lib'; | 17 use lib 'lib'; |
| 18 use Test::Nginx; | 18 use Test::Nginx; |
| 19 use Test::Nginx::Stream qw/ stream /; | |
| 19 | 20 |
| 20 ############################################################################### | 21 ############################################################################### |
| 21 | 22 |
| 22 select STDERR; $| = 1; | 23 select STDERR; $| = 1; |
| 23 select STDOUT; $| = 1; | 24 select STDOUT; $| = 1; |
| 24 | 25 |
| 25 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) | 26 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) |
| 26 ->has(qw/http http_ssl stream_ssl stream_return/)->has_daemon('openssl') | 27 ->has(qw/stream_ssl stream_return/)->has_daemon('openssl') |
| 27 ->write_file_expand('nginx.conf', <<'EOF'); | 28 ->write_file_expand('nginx.conf', <<'EOF'); |
| 28 | 29 |
| 29 %%TEST_GLOBALS%% | 30 %%TEST_GLOBALS%% |
| 30 | 31 |
| 31 daemon off; | 32 daemon off; |
| 51 | 52 |
| 52 ssl_preread on; | 53 ssl_preread on; |
| 53 | 54 |
| 54 server { | 55 server { |
| 55 listen 127.0.0.1:8080; | 56 listen 127.0.0.1:8080; |
| 56 proxy_pass $name; | 57 return $name; |
| 57 } | 58 } |
| 58 | 59 |
| 59 server { | 60 server { |
| 60 listen 127.0.0.1:8081; | 61 listen 127.0.0.1:8081; |
| 61 proxy_pass $name; | 62 proxy_pass $name; |
| 63 } | |
| 64 | |
| 65 server { | |
| 66 listen 127.0.0.1:8082; | |
| 67 proxy_pass $name; | |
| 62 ssl_preread off; | 68 ssl_preread off; |
| 63 } | |
| 64 | |
| 65 ssl_certificate_key localhost.key; | |
| 66 ssl_certificate localhost.crt; | |
| 67 | |
| 68 server { | |
| 69 listen 127.0.0.1:8082 ssl; | |
| 70 proxy_pass $name; | |
| 71 proxy_ssl on; | |
| 72 } | 69 } |
| 73 | 70 |
| 74 server { | 71 server { |
| 75 listen 127.0.0.1:8083; | 72 listen 127.0.0.1:8083; |
| 76 proxy_pass $name; | 73 proxy_pass $name; |
| 78 preread_timeout 2s; | 75 preread_timeout 2s; |
| 79 preread_buffer_size 42; | 76 preread_buffer_size 42; |
| 80 | 77 |
| 81 access_log %%TESTDIR%%/status.log status; | 78 access_log %%TESTDIR%%/status.log status; |
| 82 } | 79 } |
| 83 | |
| 84 server { | |
| 85 listen 127.0.0.1:8084; | |
| 86 return $ssl_preread_server_name; | |
| 87 } | |
| 88 } | |
| 89 | |
| 90 http { | |
| 91 %%TEST_GLOBALS_HTTP%% | |
| 92 | 80 |
| 93 ssl_certificate_key localhost.key; | 81 ssl_certificate_key localhost.key; |
| 94 ssl_certificate localhost.crt; | 82 ssl_certificate localhost.crt; |
| 95 | 83 |
| 96 server { | 84 server { |
| 97 listen 127.0.0.1:8091 ssl; | 85 listen 127.0.0.1:8091 ssl; |
| 98 listen 127.0.0.1:8092 ssl; | 86 listen 127.0.0.1:8092 ssl; |
| 99 listen 127.0.0.1:8093 ssl; | 87 listen 127.0.0.1:8093 ssl; |
| 100 server_name localhost; | 88 ssl_preread off; |
| 101 | 89 return $server_port; |
| 102 location / { | |
| 103 add_header X-Port $server_port always; | |
| 104 } | |
| 105 } | 90 } |
| 106 } | 91 } |
| 107 | 92 |
| 108 EOF | 93 EOF |
| 109 | 94 |
| 148 | 133 |
| 149 ############################################################################### | 134 ############################################################################### |
| 150 | 135 |
| 151 my ($p1, $p2, $p3) = (port(8091), port(8092), port(8093)); | 136 my ($p1, $p2, $p3) = (port(8091), port(8092), port(8093)); |
| 152 | 137 |
| 153 like(https_get_host('foo'), qr/$p1/, 'sni'); | 138 is(get_ssl('foo', 8081), $p1, 'sni'); |
| 154 like(https_get_host('foo'), qr/$p1/, 'sni again'); | 139 is(get_ssl('foo', 8081), $p1, 'sni again'); |
| 155 | 140 |
| 156 like(https_get_host('bar'), qr/$p2/, 'sni 2'); | 141 is(get_ssl('bar', 8081), $p2, 'sni 2'); |
| 157 like(https_get_host('bar'), qr/$p2/, 'sni 2 again'); | 142 is(get_ssl('bar', 8081), $p2, 'sni 2 again'); |
| 158 | 143 |
| 159 # fallback to an empty value for some reason | 144 # fallback to an empty value for some reason |
| 160 | 145 |
| 161 like(https_get_host('foo', ''), qr/$p3/, 'no sni'); | 146 is(get_ssl('', 8081), $p3, 'no sni'); |
| 162 like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); | 147 is(get_ssl('foo', 8082), $p3, 'preread off'); |
| 163 like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); | 148 is(get_ssl('foo', 8083), undef, 'preread buffer full'); |
| 164 | 149 is(stream()->io('x' x 1000), "127.0.0.1:$p3", 'not a handshake'); |
| 165 is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); | |
| 166 | 150 |
| 167 # no junk in variable due to short ClientHello length value | 151 # no junk in variable due to short ClientHello length value |
| 168 | 152 |
| 169 is(get_short(), '', 'short client hello'); | 153 is(get_short(), "127.0.0.1:$p3", 'short client hello'); |
| 170 | 154 |
| 171 # allow record with older SSL version, such as 3.0 | 155 # allow record with older SSL version, such as 3.0 |
| 172 | 156 |
| 173 TODO: { | 157 TODO: { |
| 174 local $TODO = 'not yet' unless $t->has_version('1.11.8'); | 158 local $TODO = 'not yet' unless $t->has_version('1.11.8'); |
| 182 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); | 166 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); |
| 183 | 167 |
| 184 ############################################################################### | 168 ############################################################################### |
| 185 | 169 |
| 186 sub get_short { | 170 sub get_short { |
| 187 my $s; | |
| 188 | |
| 189 eval { | |
| 190 local $SIG{ALRM} = sub { die "timeout\n" }; | |
| 191 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
| 192 alarm(2); | |
| 193 $s = IO::Socket::INET->new( | |
| 194 Proto => 'tcp', | |
| 195 PeerAddr => '127.0.0.1:' . port(8084), | |
| 196 ); | |
| 197 alarm(0); | |
| 198 }; | |
| 199 alarm(0); | |
| 200 | |
| 201 if ($@) { | |
| 202 log_in("died: $@"); | |
| 203 return undef; | |
| 204 } | |
| 205 | |
| 206 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); | 171 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); |
| 207 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | 172 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
| 208 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | 173 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
| 209 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | 174 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
| 210 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | 175 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
| 211 | 176 |
| 212 http($r, socket => $s); | 177 http($r); |
| 213 } | 178 } |
| 214 | 179 |
| 215 sub get_oldver { | 180 sub get_oldver { |
| 216 my $s; | |
| 217 | |
| 218 eval { | |
| 219 local $SIG{ALRM} = sub { die "timeout\n" }; | |
| 220 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
| 221 alarm(2); | |
| 222 $s = IO::Socket::INET->new( | |
| 223 Proto => 'tcp', | |
| 224 PeerAddr => '127.0.0.1:' . port(8084), | |
| 225 ); | |
| 226 alarm(0); | |
| 227 }; | |
| 228 alarm(0); | |
| 229 | |
| 230 if ($@) { | |
| 231 log_in("died: $@"); | |
| 232 return undef; | |
| 233 } | |
| 234 | |
| 235 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); | 181 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); |
| 236 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | 182 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
| 237 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | 183 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
| 238 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | 184 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
| 239 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | 185 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
| 240 | 186 |
| 241 http($r, socket => $s); | 187 http($r); |
| 242 } | 188 } |
| 243 | 189 |
| 244 sub get_ssl_socket { | 190 sub get_ssl { |
| 245 my ($host, $port) = @_; | 191 my ($host, $port) = @_; |
| 246 my $s; | 192 my $s = stream("127.0.0.1:$port"); |
| 247 | 193 |
| 248 eval { | 194 eval { |
| 249 local $SIG{ALRM} = sub { die "timeout\n" }; | 195 local $SIG{ALRM} = sub { die "timeout\n" }; |
| 250 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 196 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
| 251 alarm(2); | 197 alarm(2); |
| 252 $s = IO::Socket::SSL->new( | 198 IO::Socket::SSL->start_SSL($s->{_socket}, |
| 253 Proto => 'tcp', | |
| 254 PeerAddr => '127.0.0.1:' . port($port || 8080), | |
| 255 SSL_hostname => $host, | 199 SSL_hostname => $host, |
| 256 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 200 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
| 257 SSL_error_trap => sub { die $_[1] } | 201 SSL_error_trap => sub { die $_[1] } |
| 258 ); | 202 ); |
| 259 alarm(0); | 203 alarm(0); |
| 263 if ($@) { | 207 if ($@) { |
| 264 log_in("died: $@"); | 208 log_in("died: $@"); |
| 265 return undef; | 209 return undef; |
| 266 } | 210 } |
| 267 | 211 |
| 268 return $s; | 212 return $s->read(); |
| 269 } | 213 } |
| 270 | 214 |
| 271 sub https_get_host { | 215 ############################################################################### |
| 272 my ($host, $sni, $port) = @_; | |
| 273 my $s = get_ssl_socket(defined $sni ? $sni : $host, $port) or return; | |
| 274 | |
| 275 return http(<<EOF, socket => $s); | |
| 276 GET / HTTP/1.0 | |
| 277 Host: $host | |
| 278 | |
| 279 EOF | |
| 280 } | |
| 281 | |
| 282 ############################################################################### |