Mercurial > hg > nginx-tests
comparison stream_ssl_preread.t @ 1099:dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 19 Dec 2016 14:38:56 +0300 |
parents | 679cefd5896b |
children | 8ef51dbb5d69 |
comparison
equal
deleted
inserted
replaced
1098:bb1974010d0a | 1099:dd3031bbc705 |
---|---|
21 | 21 |
22 select STDERR; $| = 1; | 22 select STDERR; $| = 1; |
23 select STDOUT; $| = 1; | 23 select STDOUT; $| = 1; |
24 | 24 |
25 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) | 25 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) |
26 ->has(qw/http http_ssl stream_ssl/)->has_daemon('openssl') | 26 ->has(qw/http http_ssl stream_ssl stream_return/)->has_daemon('openssl') |
27 ->write_file_expand('nginx.conf', <<'EOF'); | 27 ->write_file_expand('nginx.conf', <<'EOF'); |
28 | 28 |
29 %%TEST_GLOBALS%% | 29 %%TEST_GLOBALS%% |
30 | 30 |
31 daemon off; | 31 daemon off; |
77 | 77 |
78 preread_timeout 2s; | 78 preread_timeout 2s; |
79 preread_buffer_size 42; | 79 preread_buffer_size 42; |
80 | 80 |
81 access_log %%TESTDIR%%/status.log status; | 81 access_log %%TESTDIR%%/status.log status; |
82 } | |
83 | |
84 server { | |
85 listen 127.0.0.1:8084; | |
86 return $ssl_preread_server_name; | |
82 } | 87 } |
83 } | 88 } |
84 | 89 |
85 http { | 90 http { |
86 %%TEST_GLOBALS_HTTP%% | 91 %%TEST_GLOBALS_HTTP%% |
117 my $ssl = Net::SSLeay::new($ctx) or die; | 122 my $ssl = Net::SSLeay::new($ctx) or die; |
118 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 123 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
119 }; | 124 }; |
120 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 125 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
121 | 126 |
122 $t->plan(9); | 127 $t->plan(11); |
123 | 128 |
124 $t->write_file('openssl.conf', <<EOF); | 129 $t->write_file('openssl.conf', <<EOF); |
125 [ req ] | 130 [ req ] |
126 default_bits = 2048 | 131 default_bits = 2048 |
127 encrypt_key = no | 132 encrypt_key = no |
157 like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); | 162 like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); |
158 like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); | 163 like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); |
159 | 164 |
160 is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); | 165 is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); |
161 | 166 |
167 # no junk in variable due to short ClientHello length value | |
168 | |
169 is(get_short(), '', 'short client hello'); | |
170 | |
171 # allow record with older SSL version, such as 3.0 | |
172 | |
173 is(get_oldver(), 'foo', 'older version in ssl record'); | |
174 | |
162 $t->stop(); | 175 $t->stop(); |
163 | 176 |
164 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); | 177 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); |
165 | 178 |
166 ############################################################################### | 179 ############################################################################### |
180 | |
181 sub get_short { | |
182 my $s; | |
183 | |
184 eval { | |
185 local $SIG{ALRM} = sub { die "timeout\n" }; | |
186 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
187 alarm(2); | |
188 $s = IO::Socket::INET->new( | |
189 Proto => 'tcp', | |
190 PeerAddr => '127.0.0.1:' . port(8084), | |
191 ); | |
192 alarm(0); | |
193 }; | |
194 alarm(0); | |
195 | |
196 if ($@) { | |
197 log_in("died: $@"); | |
198 return undef; | |
199 } | |
200 | |
201 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); | |
202 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | |
203 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | |
204 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | |
205 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | |
206 | |
207 http($r, socket => $s); | |
208 } | |
209 | |
210 sub get_oldver { | |
211 my $s; | |
212 | |
213 eval { | |
214 local $SIG{ALRM} = sub { die "timeout\n" }; | |
215 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
216 alarm(2); | |
217 $s = IO::Socket::INET->new( | |
218 Proto => 'tcp', | |
219 PeerAddr => '127.0.0.1:' . port(8084), | |
220 ); | |
221 alarm(0); | |
222 }; | |
223 alarm(0); | |
224 | |
225 if ($@) { | |
226 log_in("died: $@"); | |
227 return undef; | |
228 } | |
229 | |
230 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); | |
231 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | |
232 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | |
233 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | |
234 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | |
235 | |
236 http($r, socket => $s); | |
237 } | |
167 | 238 |
168 sub get_ssl_socket { | 239 sub get_ssl_socket { |
169 my ($host, $port) = @_; | 240 my ($host, $port) = @_; |
170 my $s; | 241 my $s; |
171 | 242 |