comparison ssl_certificates.t @ 1216:de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
All known supported platforms are shipped with OpenSSL version that supports
ECDSA certificates so it's safe for a switch. Besides that, as an additional
demand to switch, LibreSSL removed DSS/DSA support in 2.6.0 and nginx breaks
here with such cert which is covered under try_run() which is still there.
While here, now that DSS is no more, remove henceforth unneeded try_run().
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 07 Sep 2017 15:09:03 +0300 |
parents | 778eae8230e4 |
children | 0af58b78df35 |
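--- a/ssl_certificates.t
+++ b/ssl_certificates.t
@@ -39,21 +39,19 @@
 }
 
 http {
 %%TEST_GLOBALS_HTTP%%
 
-ssl_dhparam dhparam.pem;
-
 ssl_certificate_key rsa.key;
 ssl_certificate rsa.crt;
 
 server {
 listen 127.0.0.1:8080 ssl;
 server_name localhost;
 
-ssl_certificate_key dsa.key;
-ssl_certificate dsa.crt;
+ssl_certificate_key ec.key;
+ssl_certificate ec.crt;
 
 ssl_certificate_key rsa.key;
 ssl_certificate rsa.crt;
 
 ssl_certificate_key rsa.key;
@@ -71,31 +69,29 @@
 [ req_distinguished_name ]
 EOF
 
 my $d = $t->testdir();
 
-system("openssl dhparam -dsaparam -out '$d/dhparam.pem' 1024 "
-. ">>$d/openssl.out 2>&1") == 0 or die "Can't create DH param: $!\n";
+system("openssl ecparam -genkey -out '$d/ec.key' -name prime256v1 "
+. ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n";
 system("openssl genrsa -out '$d/rsa.key' 1024 >>$d/openssl.out 2>&1") == 0
 or die "Can't create RSA pem: $!\n";
-system("openssl dsaparam -genkey -out '$d/dsa.key' 1024 >>$d/openssl 2>&1") == 0
-or die "Can't create DSA pem: $!\n";
 
-foreach my $name ('dsa', 'rsa') {
+foreach my $name ('ec', 'rsa') {
 system("openssl req -x509 -new -key '$d/$name.key' "
 . "-config '$d/openssl.conf' -subj '/CN=$name/' "
 . "-out '$d/$name.crt' -keyout '$d/$name.key' "
 . ">>$d/openssl.out 2>&1") == 0
 or die "Can't create certificate for $name: $!\n";
 }
 
-$t->try_run('no multiple certificates')->plan(2);
+$t->run()->plan(2);
 
 ###############################################################################
 
 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA');
-like(get_cert('DSS'), qr/CN=dsa/, 'ssl cert DSA');
+like(get_cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA');
 
 ###############################################################################
 
 sub get_cert {
 my ($ciphers) = @_;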
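Review bot: The `die` on new line 75 reports `$!`, but `system()` sets `$!` only when the command cannot be started; if `openssl ecparam` runs and exits non-zero, the message carries an unrelated errno while the real error sits in `openssl.out`. Because new line 87 now calls `run()` instead of `try_run()`, setup problems are hard failures rather than skips, so the diagnostic matters more; something like `or die "Can't create EC pem: exit status $?, see $d/openssl.out\n";` would point at the cause. The same pattern is on the unchanged `genrsa` and `req` calls. Separately, the unchanged `genrsa ... 1024` on new line 76 now sits beside a P-256 key, and OpenSSL builds that enforce a higher security level may refuse a 1024-bit RSA certificate, so a 2048-bit key or a comment explaining the choice is worth considering. `get_cert` begins at new line 96 and continues outside the visible section, so how `'ECDSA'` selects the certificate cannot be checked from here.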