Mercurial > hg > nginx-tests
comparison ssl.t @ 1139:e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 01 Mar 2017 18:04:25 +0300 |
parents | 3d312b6a1a19 |
children | 0af58b78df35 |
comparison
equal
deleted
inserted
replaced
1138:d6acd17ca4e3 | 1139:e7e968e3eb74 |
---|---|
27 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | 27 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
28 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | 28 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
29 plan(skip_all => 'IO::Socket::SSL too old') if $@; | 29 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
30 | 30 |
31 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) | 31 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) |
32 ->has_daemon('openssl'); | 32 ->has_daemon('openssl')->plan(20); |
33 | 33 |
34 $t->write_file_expand('nginx.conf', <<'EOF'); | 34 $t->write_file_expand('nginx.conf', <<'EOF'); |
35 | 35 |
36 %%TEST_GLOBALS%% | 36 %%TEST_GLOBALS%% |
37 | 37 |
64 return 200 "body $ssl_session_id"; | 64 return 200 "body $ssl_session_id"; |
65 } | 65 } |
66 location /cipher { | 66 location /cipher { |
67 return 200 "body $ssl_cipher"; | 67 return 200 "body $ssl_cipher"; |
68 } | 68 } |
69 location /ciphers { | |
70 return 200 "body $ssl_ciphers"; | |
71 } | |
72 location /client_verify { | 69 location /client_verify { |
73 return 200 "body $ssl_client_verify"; | 70 return 200 "body $ssl_client_verify"; |
74 } | 71 } |
75 location /protocol { | 72 location /protocol { |
76 return 200 "body $ssl_protocol"; | 73 return 200 "body $ssl_protocol"; |
77 } | 74 } |
78 location /issuer { | 75 location /issuer { |
79 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; | 76 return 200 "body $ssl_client_i_dn"; |
80 } | 77 } |
81 location /subject { | 78 location /subject { |
82 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; | 79 return 200 "body $ssl_client_s_dn"; |
83 } | |
84 location /time { | |
85 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; | |
86 } | 80 } |
87 } | 81 } |
88 | 82 |
89 server { | 83 server { |
90 listen 127.0.0.1:8081; | 84 listen 127.0.0.1:8081; |
194 | 188 |
195 my $ctx = new IO::Socket::SSL::SSL_Context( | 189 my $ctx = new IO::Socket::SSL::SSL_Context( |
196 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 190 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
197 SSL_session_cache_size => 100); | 191 SSL_session_cache_size => 100); |
198 | 192 |
199 $t->try_run('no ssl_ciphers')->plan(22); | 193 $t->run(); |
200 | 194 |
201 ############################################################################### | 195 ############################################################################### |
202 | 196 |
203 like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session'); | 197 like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session'); |
204 like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); | 198 like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); |
236 # embedded variables | 230 # embedded variables |
237 | 231 |
238 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); | 232 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); |
239 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); | 233 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
240 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); | 234 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
241 | |
242 $s = get_ssl_socket(undef, port(8085)); | |
243 like(http_get('/ciphers', socket => $s), qr/^body [:\w-]+$/m, 'ciphers'); | |
244 | |
245 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); | 235 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
246 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); | 236 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
247 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); | 237 |
248 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); | 238 TODO: { |
249 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); | 239 local $TODO = 'not yet' unless $t->has_version('1.11.6'); |
240 | |
241 like(cert('/issuer', 8085), qr!^body CN=issuer$!m, 'issuer'); | |
242 like(cert('/subject', 8085), qr!^body CN=subject$!m, 'subject'); | |
243 | |
244 } | |
250 | 245 |
251 ############################################################################### | 246 ############################################################################### |
252 | 247 |
253 sub get { | 248 sub get { |
254 my ($uri, $port) = @_; | 249 my ($uri, $port) = @_; |