comparison ssl.t @ 1447:e1c64ee44212

Tests: added $ssl_server_name tests with SSL session reuse.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 04 Mar 2019 13:02:36 +0300
parents 4e48bf51714f
children eeababfd8726
1446:44973a23b031 1447:e1c64ee44212
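--- a/ssl.t
+++ b/ssl.t
@@ -29,11 +29,11 @@
 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-->has_daemon('openssl')->plan(23);
+->has_daemon('openssl')->plan(25);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -59,10 +59,13 @@
 ssl_session_cache shared:SSL:1m;
 ssl_verify_client optional_no_ca;
 
 location /reuse {
 return 200 "body $ssl_session_reused";
+}
+location /sni {
+return 200 "body $ssl_session_reused:$ssl_server_name";
 }
 location /id {
 return 200 "body $ssl_session_id";
 }
 location /cipher {
@@ -221,10 +224,31 @@
 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session');
 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1');
 
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
+
+# ssl_server_name
+
+SKIP: {
+skip 'no sni', 2 unless $t->has_module('sni');
+
+$ctx = new IO::Socket::SSL::SSL_Context(
+SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+SSL_session_cache_size => 100);
+
+like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+&& !$t->has_version('1.15.10');
+
+like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
+
+}
+
+}
 
 # ssl certificate inheritance
 
 my $s = get_ssl_socket($ctx, port(8081));
 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
@@ -305,10 +329,11 @@
 Proto => 'tcp',
 PeerAddr => '127.0.0.1',
 PeerPort => $port,
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 SSL_reuse_ctx => $ctx,
+SSL_hostname => 'localhost',
 SSL_error_trap => sub { die $_[1] },
 %extra
 );
 alarm(0);
 };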
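Review bot: `SSL_hostname => 'localhost'` is added to the shared connection helper in the last hunk, ahead of `%extra`, so every connection the suite opens through it now sends SNI, not only the two new `/sni` checks. That leaves no visible case in which the client omits the server name, and both new assertions expect the same name `localhost`, so the empty-`$ssl_server_name` path and session reuse are exercised for a single name only. I would either have the new tests supply the name through `%extra` and keep the helper's default unchanged, or document the new default with `# SNI is sent on every connection; callers override via %extra`. The helper's body starts outside the hunk, so whether other callers already pass `SSL_hostname` cannot be seen here.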