Mercurial > hg > nginx-tests

comparison ssl.t @ 952:e9064d691790

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: converted tests to run in parallel.
author Andrey Zelenkov <zelenkov@nginx.com>
date Tue, 21 Jun 2016 16:39:13 +0300
parents 97660514e518
children 882267679006
comparison
equal deleted inserted replaced
951:9361c7eddfc1 952:e9064d691790
46 ssl_certificate_key localhost.key; 46 ssl_certificate_key localhost.key;
47 ssl_certificate localhost.crt; 47 ssl_certificate localhost.crt;
48 ssl_session_tickets off; 48 ssl_session_tickets off;
49 49
50 server { 50 server {
51 listen 127.0.0.1:8443 ssl; 51 listen 127.0.0.1:%%PORT_5%% ssl;
52 listen 127.0.0.1:8080; 52 listen 127.0.0.1:%%PORT_0%%;
53 server_name localhost; 53 server_name localhost;
54 54
55 ssl_certificate_key inner.key; 55 ssl_certificate_key inner.key;
56 ssl_certificate inner.crt; 56 ssl_certificate inner.crt;
57 ssl_session_cache shared:SSL:1m; 57 ssl_session_cache shared:SSL:1m;
72 return 200 "body $ssl_protocol"; 72 return 200 "body $ssl_protocol";
73 } 73 }
74 } 74 }
75 75
76 server { 76 server {
77 listen 127.0.0.1:8081; 77 listen 127.0.0.1:%%PORT_1%%;
78 server_name localhost; 78 server_name localhost;
79 79
80 # Special case for enabled "ssl" directive. 80 # Special case for enabled "ssl" directive.
81 81
82 ssl on; 82 ssl on;
87 return 200 "body $ssl_session_reused"; 87 return 200 "body $ssl_session_reused";
88 } 88 }
89 } 89 }
90 90
91 server { 91 server {
92 listen 127.0.0.1:8082 ssl; 92 listen 127.0.0.1:%%PORT_2%% ssl;
93 server_name localhost; 93 server_name localhost;
94 94
95 ssl_session_cache builtin:1000; 95 ssl_session_cache builtin:1000;
96 96
97 location / { 97 location / {
98 return 200 "body $ssl_session_reused"; 98 return 200 "body $ssl_session_reused";
99 } 99 }
100 } 100 }
101 101
102 server { 102 server {
103 listen 127.0.0.1:8083 ssl; 103 listen 127.0.0.1:%%PORT_3%% ssl;
104 server_name localhost; 104 server_name localhost;
105 105
106 ssl_session_cache none; 106 ssl_session_cache none;
107 107
108 location / { 108 location / {
109 return 200 "body $ssl_session_reused"; 109 return 200 "body $ssl_session_reused";
110 } 110 }
111 } 111 }
112 112
113 server { 113 server {
114 listen 127.0.0.1:8084 ssl; 114 listen 127.0.0.1:%%PORT_4%% ssl;
115 server_name localhost; 115 server_name localhost;
116 116
117 ssl_session_cache off; 117 ssl_session_cache off;
118 118
119 location / { 119 location / {
148 148
149 $t->run(); 149 $t->run();
150 150
151 ############################################################################### 151 ###############################################################################
152 152
153 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body \.$/m, 153 like(http_get('/reuse', socket => get_ssl_socket($ctx, port(5))),
154 'shared initial session'); 154 qr/^body \.$/m, 'shared initial session');
155 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body r$/m, 155 like(http_get('/reuse', socket => get_ssl_socket($ctx, port(5))),
156 'shared session reused'); 156 qr/^body r$/m, 'shared session reused');
157 157
158 like(http_get('/', socket => get_ssl_socket($ctx, 8081)), qr/^body \.$/m, 158 like(http_get('/', socket => get_ssl_socket($ctx, port(1))), qr/^body \.$/m,
159 'builtin initial session'); 159 'builtin initial session');
160 like(http_get('/', socket => get_ssl_socket($ctx, 8081)), qr/^body r$/m, 160 like(http_get('/', socket => get_ssl_socket($ctx, port(1))), qr/^body r$/m,
161 'builtin session reused'); 161 'builtin session reused');
162 162
163 like(http_get('/', socket => get_ssl_socket($ctx, 8082)), qr/^body \.$/m, 163 like(http_get('/', socket => get_ssl_socket($ctx, port(2))), qr/^body \.$/m,
164 'builtin size initial session'); 164 'builtin size initial session');
165 like(http_get('/', socket => get_ssl_socket($ctx, 8082)), qr/^body r$/m, 165 like(http_get('/', socket => get_ssl_socket($ctx, port(2))), qr/^body r$/m,
166 'builtin size session reused'); 166 'builtin size session reused');
167 167
168 like(http_get('/', socket => get_ssl_socket($ctx, 8083)), qr/^body \.$/m, 168 like(http_get('/', socket => get_ssl_socket($ctx, port(3))), qr/^body \.$/m,
169 'reused none initial session'); 169 'reused none initial session');
170 like(http_get('/', socket => get_ssl_socket($ctx, 8083)), qr/^body \.$/m, 170 like(http_get('/', socket => get_ssl_socket($ctx, port(3))), qr/^body \.$/m,
171 'session not reused 1'); 171 'session not reused 1');
172 172
173 like(http_get('/', socket => get_ssl_socket($ctx, 8084)), qr/^body \.$/m, 173 like(http_get('/', socket => get_ssl_socket($ctx, port(4))), qr/^body \.$/m,
174 'reused off initial session'); 174 'reused off initial session');
175 like(http_get('/', socket => get_ssl_socket($ctx, 8084)), qr/^body \.$/m, 175 like(http_get('/', socket => get_ssl_socket($ctx, port(4))), qr/^body \.$/m,
176 'session not reused 2'); 176 'session not reused 2');
177 177
178 # ssl certificate inheritance 178 # ssl certificate inheritance
179 179
180 my $s = get_ssl_socket($ctx, 8081); 180 my $s = get_ssl_socket($ctx, port(1));
181 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); 181 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
182 182
183 $s->close(); 183 $s->close();
184 184
185 $s = get_ssl_socket($ctx); 185 $s = get_ssl_socket($ctx, port(5));
186 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner'); 186 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner');
187 187
188 $s->close(); 188 $s->close();
189 189
190 # session timeout 190 # session timeout
191 191
192 select undef, undef, undef, 2.1; 192 select undef, undef, undef, 2.1;
193 193
194 like(http_get('/', socket => get_ssl_socket($ctx, 8081)), qr/^body \.$/m, 194 like(http_get('/', socket => get_ssl_socket($ctx, port(1))), qr/^body \.$/m,
195 'session timeout'); 195 'session timeout');
196 196
197 # embedded variables 197 # embedded variables
198 198
199 my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m; 199 my ($sid) = http_get('/id',
200 socket => get_ssl_socket($ctx, port(5))) =~ /^body (\w+)$/m;
200 is(length $sid, 64, 'session id'); 201 is(length $sid, 64, 'session id');
201 202
202 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); 203 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
203 204
204 like(http_get('/cipher', socket => get_ssl_socket($ctx)), 205 like(http_get('/cipher', socket => get_ssl_socket($ctx, port(5))),
205 qr/^body [\w-]+$/m, 'cipher'); 206 qr/^body [\w-]+$/m, 'cipher');
206 207
207 like(http_get('/client_verify', socket => get_ssl_socket($ctx)), 208 like(http_get('/client_verify', socket => get_ssl_socket($ctx, port(5))),
208 qr/^body NONE$/m, 'client verify'); 209 qr/^body NONE$/m, 'client verify');
209 210
210 like(http_get('/protocol', socket => get_ssl_socket($ctx)), 211 like(http_get('/protocol', socket => get_ssl_socket($ctx, port(5))),
211 qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); 212 qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol');
212 213
213 ############################################################################### 214 ###############################################################################
214 215
215 sub get_ssl_socket { 216 sub get_ssl_socket {
221 local $SIG{PIPE} = sub { die "sigpipe\n" }; 222 local $SIG{PIPE} = sub { die "sigpipe\n" };
222 alarm(2); 223 alarm(2);
223 $s = IO::Socket::SSL->new( 224 $s = IO::Socket::SSL->new(
224 Proto => 'tcp', 225 Proto => 'tcp',
225 PeerAddr => '127.0.0.1', 226 PeerAddr => '127.0.0.1',
226 PeerPort => $port || '8443', 227 PeerPort => $port,
227 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), 228 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
228 SSL_reuse_ctx => $ctx, 229 SSL_reuse_ctx => $ctx,
229 SSL_error_trap => sub { die $_[1] } 230 SSL_error_trap => sub { die $_[1] }
230 ); 231 );
231 alarm(0); 232 alarm(0);