Mercurial > hg > nginx-tests
comparison stream_ssl_preread.t @ 1099:dd3031bbc705
Tests: various stream_ssl_preread tests with ill-formed records.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 19 Dec 2016 14:38:56 +0300 |
| parents | 679cefd5896b |
| children | 8ef51dbb5d69 |
comparison
equal
deleted
inserted
replaced
| 1098:bb1974010d0a | 1099:dd3031bbc705 |
|---|---|
| 21 | 21 |
| 22 select STDERR; $| = 1; | 22 select STDERR; $| = 1; |
| 23 select STDOUT; $| = 1; | 23 select STDOUT; $| = 1; |
| 24 | 24 |
| 25 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) | 25 my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) |
| 26 ->has(qw/http http_ssl stream_ssl/)->has_daemon('openssl') | 26 ->has(qw/http http_ssl stream_ssl stream_return/)->has_daemon('openssl') |
| 27 ->write_file_expand('nginx.conf', <<'EOF'); | 27 ->write_file_expand('nginx.conf', <<'EOF'); |
| 28 | 28 |
| 29 %%TEST_GLOBALS%% | 29 %%TEST_GLOBALS%% |
| 30 | 30 |
| 31 daemon off; | 31 daemon off; |
| 77 | 77 |
| 78 preread_timeout 2s; | 78 preread_timeout 2s; |
| 79 preread_buffer_size 42; | 79 preread_buffer_size 42; |
| 80 | 80 |
| 81 access_log %%TESTDIR%%/status.log status; | 81 access_log %%TESTDIR%%/status.log status; |
| 82 } | |
| 83 | |
| 84 server { | |
| 85 listen 127.0.0.1:8084; | |
| 86 return $ssl_preread_server_name; | |
| 82 } | 87 } |
| 83 } | 88 } |
| 84 | 89 |
| 85 http { | 90 http { |
| 86 %%TEST_GLOBALS_HTTP%% | 91 %%TEST_GLOBALS_HTTP%% |
| 117 my $ssl = Net::SSLeay::new($ctx) or die; | 122 my $ssl = Net::SSLeay::new($ctx) or die; |
| 118 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 123 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
| 119 }; | 124 }; |
| 120 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 125 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
| 121 | 126 |
| 122 $t->plan(9); | 127 $t->plan(11); |
| 123 | 128 |
| 124 $t->write_file('openssl.conf', <<EOF); | 129 $t->write_file('openssl.conf', <<EOF); |
| 125 [ req ] | 130 [ req ] |
| 126 default_bits = 2048 | 131 default_bits = 2048 |
| 127 encrypt_key = no | 132 encrypt_key = no |
| 157 like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); | 162 like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); |
| 158 like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); | 163 like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); |
| 159 | 164 |
| 160 is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); | 165 is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); |
| 161 | 166 |
| 167 # no junk in variable due to short ClientHello length value | |
| 168 | |
| 169 is(get_short(), '', 'short client hello'); | |
| 170 | |
| 171 # allow record with older SSL version, such as 3.0 | |
| 172 | |
| 173 is(get_oldver(), 'foo', 'older version in ssl record'); | |
| 174 | |
| 162 $t->stop(); | 175 $t->stop(); |
| 163 | 176 |
| 164 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); | 177 is($t->read_file('status.log'), "400\n", 'preread buffer full - log'); |
| 165 | 178 |
| 166 ############################################################################### | 179 ############################################################################### |
| 180 | |
| 181 sub get_short { | |
| 182 my $s; | |
| 183 | |
| 184 eval { | |
| 185 local $SIG{ALRM} = sub { die "timeout\n" }; | |
| 186 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
| 187 alarm(2); | |
| 188 $s = IO::Socket::INET->new( | |
| 189 Proto => 'tcp', | |
| 190 PeerAddr => '127.0.0.1:' . port(8084), | |
| 191 ); | |
| 192 alarm(0); | |
| 193 }; | |
| 194 alarm(0); | |
| 195 | |
| 196 if ($@) { | |
| 197 log_in("died: $@"); | |
| 198 return undef; | |
| 199 } | |
| 200 | |
| 201 my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); | |
| 202 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | |
| 203 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | |
| 204 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | |
| 205 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | |
| 206 | |
| 207 http($r, socket => $s); | |
| 208 } | |
| 209 | |
| 210 sub get_oldver { | |
| 211 my $s; | |
| 212 | |
| 213 eval { | |
| 214 local $SIG{ALRM} = sub { die "timeout\n" }; | |
| 215 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
| 216 alarm(2); | |
| 217 $s = IO::Socket::INET->new( | |
| 218 Proto => 'tcp', | |
| 219 PeerAddr => '127.0.0.1:' . port(8084), | |
| 220 ); | |
| 221 alarm(0); | |
| 222 }; | |
| 223 alarm(0); | |
| 224 | |
| 225 if ($@) { | |
| 226 log_in("died: $@"); | |
| 227 return undef; | |
| 228 } | |
| 229 | |
| 230 my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); | |
| 231 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); | |
| 232 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); | |
| 233 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); | |
| 234 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); | |
| 235 | |
| 236 http($r, socket => $s); | |
| 237 } | |
| 167 | 238 |
| 168 sub get_ssl_socket { | 239 sub get_ssl_socket { |
| 169 my ($host, $port) = @_; | 240 my ($host, $port) = @_; |
| 170 my $s; | 241 my $s; |
| 171 | 242 |