comparison ssl.t @ 1447:e1c64ee44212
Tests: added $ssl_server_name tests with SSL session reuse.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 04 Mar 2019 13:02:36 +0300 |
parents | 4e48bf51714f |
children | eeababfd8726 |
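--- a/ssl.t	1446:44973a23b031
+++ b/ssl.t	1447:e1c64ee44212
@@ -29,11 +29,11 @@
 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-->has_daemon('openssl')->plan(23);
+->has_daemon('openssl')->plan(25);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -59,10 +59,13 @@
 ssl_session_cache shared:SSL:1m;
 ssl_verify_client optional_no_ca;
 
 location /reuse {
 return 200 "body $ssl_session_reused";
+}
+location /sni {
+return 200 "body $ssl_session_reused:$ssl_server_name";
 }
 location /id {
 return 200 "body $ssl_session_id";
 }
 location /cipher {
@@ -221,10 +224,31 @@
 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session');
 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1');
 
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
+
+# ssl_server_name
+
+SKIP: {
+skip 'no sni', 2 unless $t->has_module('sni');
+
+$ctx = new IO::Socket::SSL::SSL_Context(
+SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+SSL_session_cache_size => 100);
+
+like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+&& !$t->has_version('1.15.10');
+
+like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
+
+}
+
+}
 
 # ssl certificate inheritance
 
 my $s = get_ssl_socket($ctx, port(8081));
 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
@@ -305,10 +329,11 @@
 Proto => 'tcp',
 PeerAddr => '127.0.0.1',
 PeerPort => $port,
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 SSL_reuse_ctx => $ctx,
+SSL_hostname => 'localhost',
 SSL_error_trap => sub { die $_[1] },
 %extra
 );
 alarm(0);
 };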
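Review bot: The new SKIP block (new lines 232-249) overwrites the shared `$ctx` with a fresh session-caching context and never restores it. The "ssl certificate inheritance" checks that follow therefore run on a different client context depending on whether the `sni` module is present and the block executed. `get()` takes no context argument here, so it presumably reads the file-level `$ctx` (its definition is outside the visible hunks); in that case, save and restore with `my $prev_ctx = $ctx;` after the `skip` line and `$ctx = $prev_ctx;` before the block closes. The pattern `'OpenSSL (1.1.1|3)'` appears to be matched as a regex with unescaped dots; `'OpenSSL (1\.1\.1|3)'` would keep the TODO from covering unrelated version strings. In the last hunk, a short comment on `SSL_hostname => 'localhost'` should say that every socket from this helper now sends SNI unless `%extra` overrides it, since that changes the handshake of the pre-existing tests as well.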