Mercurial > hg > nginx-tests
comparison ssl.t @ 1139:e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 01 Mar 2017 18:04:25 +0300 |
| parents | 3d312b6a1a19 |
| children | 0af58b78df35 |
comparison
equal
deleted
inserted
replaced
| 1138:d6acd17ca4e3 | 1139:e7e968e3eb74 |
|---|---|
| 27 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | 27 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
| 28 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | 28 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
| 29 plan(skip_all => 'IO::Socket::SSL too old') if $@; | 29 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
| 30 | 30 |
| 31 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) | 31 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) |
| 32 ->has_daemon('openssl'); | 32 ->has_daemon('openssl')->plan(20); |
| 33 | 33 |
| 34 $t->write_file_expand('nginx.conf', <<'EOF'); | 34 $t->write_file_expand('nginx.conf', <<'EOF'); |
| 35 | 35 |
| 36 %%TEST_GLOBALS%% | 36 %%TEST_GLOBALS%% |
| 37 | 37 |
| 64 return 200 "body $ssl_session_id"; | 64 return 200 "body $ssl_session_id"; |
| 65 } | 65 } |
| 66 location /cipher { | 66 location /cipher { |
| 67 return 200 "body $ssl_cipher"; | 67 return 200 "body $ssl_cipher"; |
| 68 } | 68 } |
| 69 location /ciphers { | |
| 70 return 200 "body $ssl_ciphers"; | |
| 71 } | |
| 72 location /client_verify { | 69 location /client_verify { |
| 73 return 200 "body $ssl_client_verify"; | 70 return 200 "body $ssl_client_verify"; |
| 74 } | 71 } |
| 75 location /protocol { | 72 location /protocol { |
| 76 return 200 "body $ssl_protocol"; | 73 return 200 "body $ssl_protocol"; |
| 77 } | 74 } |
| 78 location /issuer { | 75 location /issuer { |
| 79 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; | 76 return 200 "body $ssl_client_i_dn"; |
| 80 } | 77 } |
| 81 location /subject { | 78 location /subject { |
| 82 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; | 79 return 200 "body $ssl_client_s_dn"; |
| 83 } | |
| 84 location /time { | |
| 85 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; | |
| 86 } | 80 } |
| 87 } | 81 } |
| 88 | 82 |
| 89 server { | 83 server { |
| 90 listen 127.0.0.1:8081; | 84 listen 127.0.0.1:8081; |
| 194 | 188 |
| 195 my $ctx = new IO::Socket::SSL::SSL_Context( | 189 my $ctx = new IO::Socket::SSL::SSL_Context( |
| 196 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 190 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
| 197 SSL_session_cache_size => 100); | 191 SSL_session_cache_size => 100); |
| 198 | 192 |
| 199 $t->try_run('no ssl_ciphers')->plan(22); | 193 $t->run(); |
| 200 | 194 |
| 201 ############################################################################### | 195 ############################################################################### |
| 202 | 196 |
| 203 like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session'); | 197 like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session'); |
| 204 like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); | 198 like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); |
| 236 # embedded variables | 230 # embedded variables |
| 237 | 231 |
| 238 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); | 232 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); |
| 239 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); | 233 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
| 240 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); | 234 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
| 241 | |
| 242 $s = get_ssl_socket(undef, port(8085)); | |
| 243 like(http_get('/ciphers', socket => $s), qr/^body [:\w-]+$/m, 'ciphers'); | |
| 244 | |
| 245 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); | 235 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
| 246 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); | 236 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
| 247 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); | 237 |
| 248 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); | 238 TODO: { |
| 249 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); | 239 local $TODO = 'not yet' unless $t->has_version('1.11.6'); |
| 240 | |
| 241 like(cert('/issuer', 8085), qr!^body CN=issuer$!m, 'issuer'); | |
| 242 like(cert('/subject', 8085), qr!^body CN=subject$!m, 'subject'); | |
| 243 | |
| 244 } | |
| 250 | 245 |
| 251 ############################################################################### | 246 ############################################################################### |
| 252 | 247 |
| 253 sub get { | 248 sub get { |
| 254 my ($uri, $port) = @_; | 249 my ($uri, $port) = @_; |