comparison stream_ssl_preread.t @ 1198:cd153f1bbaad
Tests: simplified stream_ssl_preread.t by not using http backends.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 31 Jul 2017 14:24:38 +0300 |
parents | 6c27d5cab1d7 |
children | 08f6eacf1cfe |
1197:155573499f20 | 1198:cd153f1bbaad |
---|---|
14 | 14 |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | 15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
16 | 16 |
17 use lib 'lib'; | 17 use lib 'lib'; |
18 use Test::Nginx; | 18 use Test::Nginx; |
19 use Test::Nginx::Stream qw/ stream /; | |
19 | 20 |
20 ############################################################################### | 21 ############################################################################### |
21 | 22 |
22 select STDERR; $| = 1; | 23 select STDERR; $| = 1; |
23 select STDOUT; $| = 1; | 24 select STDOUT; $| = 1; |
24 | 25 |
25 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) | 26 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) |
26 ->has(qw/http http_ssl stream_ssl stream_return/)->has_daemon('openssl') | 27 ->has(qw/stream_ssl stream_return/)->has_daemon('openssl') |
27 ->write_file_expand('nginx.conf', <<'EOF'); | 28 ->write_file_expand('nginx.conf', <<'EOF'); |
28 | 29 |
29 %%TEST_GLOBALS%% | 30 %%TEST_GLOBALS%% |
30 | 31 |
31 daemon off; | 32 daemon off; |
51 | 52 |
52 ssl_preread on; | 53 ssl_preread on; |
53 | 54 |
54 server { | 55 server { |
55 listen 127.0.0.1:8080; | 56 listen 127.0.0.1:8080; |
56 proxy_pass $name; | 57 return $name; |
57 } | 58 } |
58 | 59 |
59 server { | 60 server { |
60 listen 127.0.0.1:8081; | 61 listen 127.0.0.1:8081; |
61 proxy_pass $name; | 62 proxy_pass $name; |
63 } | |
64 | |
65 server { | |
66 listen 127.0.0.1:8082; | |
67 proxy_pass $name; | |
62 ssl_preread off; | 68 ssl_preread off; |
63 } | |
64 | |
65 ssl_certificate_key localhost.key; | |
66 ssl_certificate localhost.crt; | |
67 | |
68 server { | |
69 listen 127.0.0.1:8082 ssl; | |
70 proxy_pass $name; | |
71 proxy_ssl on; | |
72 } | 69 } |
73 | 70 |
74 server { | 71 server { |
75 listen 127.0.0.1:8083; | 72 listen 127.0.0.1:8083; |
76 proxy_pass $name; | 73 proxy_pass $name; |
78 preread_timeout 2s; | 75 preread_timeout 2s; |
79 preread_buffer_size 42; | 76 preread_buffer_size 42; |
80 | 77 |
81 access_log %%TESTDIR%%/status.log status; | 78 access_log %%TESTDIR%%/status.log status; |
82 } | 79 } |
83 | |
84 server { | |
85 listen 127.0.0.1:8084; | |
86 return $ssl_preread_server_name; | |
87 } | |
88 } | |
89 | |
90 http { | |
91 %%TEST_GLOBALS_HTTP%% | |
92 | 80 |
93 ssl_certificate_key localhost.key; | 81 ssl_certificate_key localhost.key; |
94 ssl_certificate localhost.crt; | 82 ssl_certificate localhost.crt; |
95 | 83 |
96 server { | 84 server { |
97 listen 127.0.0.1:8091 ssl; | 85 listen 127.0.0.1:8091 ssl; |
98 listen 127.0.0.1:8092 ssl; | 86 listen 127.0.0.1:8092 ssl; |
99 listen 127.0.0.1:8093 ssl; | 87 listen 127.0.0.1:8093 ssl; |
100 server_name localhost; | 88 ssl_preread off; |
101 | 89 return $server_port; |
102 location / { | |
103 add_header X-Port $server_port always; | |
104 } | |
105 } | 90 } |
106 } | 91 } |
107 | 92 |
108 EOF | 93 EOF |
109 | 94 |
148 | 133 |
149 ############################################################################### | 134 ############################################################################### |
150 | 135 |
151 my ($p1, $p2, $p3) = (port(8091), port(8092), port(8093)); | 136 my ($p1, $p2, $p3) = (port(8091), port(8092), port(8093)); |
152 | 137 |
153 like(https_get_host('foo'), qr/$p1/, 'sni'); | 138 is(get_ssl('foo', 8081), $p1, 'sni'); |
154 like(https_get_host('foo'), qr/$p1/, 'sni again'); | 139 is(get_ssl('foo', 8081), $p1, 'sni again'); |
155 | 140 |
156 like(https_get_host('bar'), qr/$p2/, 'sni 2'); | 141 is(get_ssl('bar', 8081), $p2, 'sni 2'); |
157 like(https_get_host('bar'), qr/$p2/, 'sni 2 again'); | 142 is(get_ssl('bar', 8081), $p2, 'sni 2 again'); |
158 | 143 |
159 # fallback to an empty value for some reason | 144 # fallback to an empty value for some reason |
160 | 145 |
161 like(https_get_host('foo', ''), qr/$p3/, 'no sni'); | 146 is(get_ssl('', 8081), $p3, 'no sni'); |
162 like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); | 147 is(get_ssl('foo', 8082), $p3, 'preread off'); |
163 like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); | 148 is(get_ssl('foo', 8083), undef, 'preread buffer full'); |
164 | 149 is(stream()->io('x' x 1000), "127.0.0.1:$p3", 'not a handshake'); |
165 is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); | |
166 | 150 |
167 # no junk in variable due to short ClientHello length value | 151 # no junk in variable due to short ClientHello length value |
168 | 152 |
169 is(get_short(), '', 'short client hello'); | 153 is(get_short(), "127.0.0.1:$p3", 'short client hello'); |
170 | 154 |
171 # allow record with older SSL version, such as 3.0 | 155 # allow record with older SSL version, such as 3.0 |
172 | 156 |
173 TODO: { | 157 TODO: { |
174 local $TODO = 'not yet' unless $t->has_version('1.11.8'); | 158 local $TODO = 'not yet' unless $t->has_version('1.11.8'); |
182 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); | 166 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); |
183 | 167 |
184 ############################################################################### | 168 ############################################################################### |
185 | 169 |
186 sub get_short { | 170 sub get_short { |
187 my $s; | |
188 | |
189 eval { | |
190 local $SIG{ALRM} = sub { die "timeout\n" }; | |
191 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
192 alarm(2); | |
193 $s = IO::Socket::INET->new( | |
194 Proto => 'tcp', | |
195 PeerAddr => '127.0.0.1:' . port(8084), | |
196 ); | |
197 alarm(0); | |
198 }; | |
199 alarm(0); | |
200 | |
201 if ($@) { | |
202 log_in("died: $@"); | |
203 return undef; | |
204 } | |
205 | |
206 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); | 171 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); |
207 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | 172 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
208 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | 173 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
209 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | 174 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
210 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | 175 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
211 | 176 |
212 http($r, socket => $s); | 177 http($r); |
213 } | 178 } |
214 | 179 |
215 sub get_oldver { | 180 sub get_oldver { |
216 my $s; | |
217 | |
218 eval { | |
219 local $SIG{ALRM} = sub { die "timeout\n" }; | |
220 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
221 alarm(2); | |
222 $s = IO::Socket::INET->new( | |
223 Proto => 'tcp', | |
224 PeerAddr => '127.0.0.1:' . port(8084), | |
225 ); | |
226 alarm(0); | |
227 }; | |
228 alarm(0); | |
229 | |
230 if ($@) { | |
231 log_in("died: $@"); | |
232 return undef; | |
233 } | |
234 | |
235 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); | 181 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); |
236 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | 182 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
237 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | 183 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
238 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | 184 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
239 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | 185 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
240 | 186 |
241 http($r, socket => $s); | 187 http($r); |
242 } | 188 } |
243 | 189 |
244 sub get_ssl_socket { | 190 sub get_ssl { |
245 my ($host, $port) = @_; | 191 my ($host, $port) = @_; |
246 my $s; | 192 my $s = stream("127.0.0.1:$port"); |
247 | 193 |
248 eval { | 194 eval { |
249 local $SIG{ALRM} = sub { die "timeout\n" }; | 195 local $SIG{ALRM} = sub { die "timeout\n" }; |
250 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 196 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
251 alarm(2); | 197 alarm(2); |
252 $s = IO::Socket::SSL->new( | 198 IO::Socket::SSL->start_SSL($s->{_socket}, |
253 Proto => 'tcp', | |
254 PeerAddr => '127.0.0.1:' . port($port || 8080), | |
255 SSL_hostname => $host, | 199 SSL_hostname => $host, |
256 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 200 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
257 SSL_error_trap => sub { die $_[1] } | 201 SSL_error_trap => sub { die $_[1] } |
258 ); | 202 ); |
259 alarm(0); | 203 alarm(0); |
263 if ($@) { | 207 if ($@) { |
264 log_in("died: $@"); | 208 log_in("died: $@"); |
265 return undef; | 209 return undef; |
266 } | 210 } |
267 | 211 |
268 return $s; | 212 return $s->read(); |
269 } | 213 } |
270 | 214 |
271 sub https_get_host { | 215 ############################################################################### |
272 my ($host, $sni, $port) = @_; | |
273 my $s = get_ssl_socket(defined $sni ? $sni : $host, $port) or return; | |
274 | |
275 return http(<<EOF, socket => $s); | |
276 GET / HTTP/1.0 | |
277 Host: $host | |
278 | |
279 EOF | |
280 } | |
281 | |
282 ############################################################################### |
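Review bot: In the new `get_ssl`, `stream("127.0.0.1:$port")` interpolates the caller's literal port (8081, 8082, 8083), whereas the removed `get_ssl_socket` used `port($port || 8080)` and the expected values are still built from `port(8091)`, `port(8092)` and `port(8093)`. If `stream()` does not apply the port mapping itself (its implementation is not on this page), the TLS probes will miss the stream listeners whenever the harness remaps ports, so the SNI-routing and preread-off checks would no longer exercise the server under test. I would keep the mapping explicit, as the old code did: `my $s = stream('127.0.0.1:' . port($port));`. The eval block in `get_ssl` is only partly shown (new lines 204–206 are elided), so the path where `$s->{_socket}` is undefined after a failed connect could not be checked from this page.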